Infected PC.

Re: Infected PC.

Post by nickW » 17 Sep 2011, 23:55

Good evening,

I don't know what you did with AdwCleaner (which you ran twice in "Suppression" (removal) mode), but it did not work.


New cleanup:


Step 1: Uninstallation
Start --> Control Panel --> Programs --> Programs and Features
Select (if found) Messenger Plus Community Toolbar, then click Uninstall
Select (if found) myBabylon English Toolbar, then click Uninstall


Step 2: No real-time protection process
Disable the antivirus resident module.


Step 3: OTL (by OldTimer), fix

Right-click OTL.exe, then choose "Run as administrator" to launch the tool.

The OTL main screen is displayed.

Select all the lines below that lie between the two ------- lines (which must not be selected), then press the Ctrl and C keys simultaneously.
Important note: do not forget to select the colon character at the start of the first line.

-----------------------------------------------------

:otl
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files (x86)\Messenger_Plus\prxtbMes0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d8fb4583-db9d-4c7b-85be-294c13a3e5c4} - C:\Program Files (x86)\MessengerPlusLive_TB\tbMes1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\prxtbfre0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files (x86)\Messenger_Plus\prxtbMes0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {d8fb4583-db9d-4c7b-85be-294c13a3e5c4} - C:\Program Files (x86)\MessengerPlusLive_TB\tbMes1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\prxtbfre0.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.485.0
FF - prefs.js..extensions.enabledItems: firefox@bandoo.com:5.0
FF - prefs.js..extensions.enabledItems: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c}:3.3.3.2
FF - prefs.js..keyword.URL: "http://abuchak.net/?ref=ff.1.1.101&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://abuchak.net/?ref=ff.1.1.87&q="
[2011/08/16 13:52:25 | 000,000,000 | ---D | M] (Messenger Plus Community Toolbar) -- C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}
[2011/09/07 18:52:36 | 000,000,000 | ---D | M] (free-downloads.net Community Toolbar) -- C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2011/09/03 01:04:32 | 000,001,241 | ---- | M] () -- C:\Users\Ezzina Olfi\AppData\Roaming\Mozilla\Firefox\Profiles\itl1id5s.default\searchplugins\abuchak.xml
[2011/07/21 15:33:36 | 000,002,185 | ---- | M] () -- C:\Users\Ezzina Olfi\AppData\Roaming\Mozilla\Firefox\Profiles\itl1id5s.default\searchplugins\MyStart Search.xml
[2011/07/19 13:28:41 | 000,003,915 | ---- | M] () -- C:\Users\Ezzina Olfi\AppData\Roaming\Mozilla\Firefox\Profiles\itl1id5s.default\searchplugins\SweetIM Search.xml
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.15.13\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Messenger Plus Community Toolbar) - {9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D} - C:\Program Files (x86)\msgplscomtb\MsgPlsComDx.dll ()
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Toolbar) - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files (x86)\Messenger_Plus\prxtbMes0.dll (Conduit Ltd.)
O2 - BHO: (MessengerPlusLive TB Toolbar) - {d8fb4583-db9d-4c7b-85be-294c13a3e5c4} - C:\Program Files (x86)\MessengerPlusLive_TB\tbMes1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.15.13\facemoodsTlbr.dll (facemoods.com)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\prxtbfre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Community Toolbar) - {9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D} - C:\Program Files (x86)\msgplscomtb\MsgPlsComDx.dll ()
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Toolbar) - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files (x86)\Messenger_Plus\prxtbMes0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive TB Toolbar) - {d8fb4583-db9d-4c7b-85be-294c13a3e5c4} - C:\Program Files (x86)\MessengerPlusLive_TB\tbMes1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\prxtbfre0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4208893176-3502703170-415781581-1000\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files (x86)\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4208893176-3502703170-415781581-1000\..\Toolbar\WebBrowser: (Messenger Plus Toolbar) - {B760D5A4-8D24-4CB6-942E-D6BB540AD88C} - C:\Program Files (x86)\Messenger_Plus\prxtbMes0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4208893176-3502703170-415781581-1000\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files (x86)\free-downloads.net\prxtbfre0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.15.13\facemoodssrv.exe (facemoods.com)

:Files
C:\Program Files (x86)\tbmyBa.dll

:Commands
[resethosts]
[emptytemp]



-----------------------------------------------------

Note: The lines in the Code area above were created exclusively for THIS user: Olfi.
If you are not THIS user, you must not use them: they could damage your system.


Go back to the OTL window, right-click in the white area under "Personnalisation" (custom) and choose Paste (the lines selected above must appear in the "Personnalisation" area).

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to restart.

Click the "Correction" (fix) button.

Note: When the restart is requested, click Ok

When the tool has finished its work, a small window displays the message "Correction terminée! Cliquez sur Ok pour afficher le rapport." (fix complete, click Ok to display the report). Click Ok, then close OTL.


Step 4: Real-time protection process
Important: Re-enable the antivirus resident module.


Step 5: OTL (by OldTimer), scan
Close all open program windows.

Right-click OTL.exe, then choose "Run as administrator" to launch the tool.

The OTL main screen is displayed.

Tick (at the top) the box in front of "Tous les utilisateurs" (all users).

Then click the "Analyse" (scan) button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 6: AdwCleaner (by Xplode), scan
Right-click adwcleaner0.exe, then choose "Run as administrator" to launch the tool.

The AdwCleaner main screen is displayed.

Click the "Recherche" (search) button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close the AdwCleaner window.
Close Notepad.


Step 7: Results
Send in your reply:
*- the OTL fix report (contents of the file %SystemDrive%\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[%SystemDrive% is the partition on which the system is installed, usually C:]
*- the AdwCleaner scan report (contents of the file %SystemDrive%\AdwCleaner[Rn].txt, n being a sequence number).
[%SystemDrive% is the partition on which the system is installed, usually C:]

Then send in a separate message (because of the length of the file):
*- the main OTL report (contents of the file OTL.txt located on the Desktop).
The report posted on the forum must end with a line containing <End of report>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)

Re: Infected PC.

Post by Olfi » 18 Sep 2011, 12:17

Good day;
I was able to uninstall Messenger Plus Community Toolbar. However, when I launched the uninstall procedure for myBabylon English Toolbar for the first time, the Wise Uninstall program was not responding, so I forced it to close and relaunched the uninstall procedure several times afterwards, and it is always the same Wise Uninstall window that opens, in which it says "Could not open install.log file". Should I continue with the procedure anyway, or is there a solution for uninstalling myBabylon English Toolbar?
Regards
Ezzina OLFI

Re: Infected PC.

Post by Olfi » 18 Sep 2011, 20:05

Hi;
Here are the reports.
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ deleted successfully.
C:\Program Files (x86)\myBabylon_English\tbmyBa.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\ deleted successfully.
C:\Program Files (x86)\Messenger_Plus\prxtbMes0.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d8fb4583-db9d-4c7b-85be-294c13a3e5c4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8fb4583-db9d-4c7b-85be-294c13a3e5c4}\ deleted successfully.
C:\Program Files (x86)\MessengerPlusLive_TB\tbMes1.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ecdee021-0d17-467f-a1ff-c7a115230949} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ deleted successfully.
C:\Program Files (x86)\free-downloads.net\prxtbfre0.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\ not found.
File C:\Program Files (x86)\Messenger_Plus\prxtbMes0.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d8fb4583-db9d-4c7b-85be-294c13a3e5c4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8fb4583-db9d-4c7b-85be-294c13a3e5c4}\ not found.
File C:\Program Files (x86)\MessengerPlusLive_TB\tbMes1.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ecdee021-0d17-467f-a1ff-c7a115230949} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found.
File C:\Program Files (x86)\free-downloads.net\prxtbfre0.dll not found.
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "free-downloads.net Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: ShopperReports@ShopperReports.com:3.0.485.0 removed from extensions.enabledItems
Prefs.js: firefox@bandoo.com:5.0 removed from extensions.enabledItems
Prefs.js: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "http://abuchak.net/?ref=ff.1.1.101&q=" removed from keyword.URL
Prefs.js: "SweetIM Search" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "SweetIM Search" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "http://home.sweetim.com" removed from browser.startup.homepage
Prefs.js: "http://abuchak.net/?ref=ff.1.1.87&q=" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\searchplugin folder moved successfully.
C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\modules folder moved successfully.
C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\META-INF folder moved successfully.
C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\defaults folder moved successfully.
C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\components folder moved successfully.
C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\chrome folder moved successfully.
C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c} folder moved successfully.
C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\searchplugin folder moved successfully.
C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\modules folder moved successfully.
C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\META-INF folder moved successfully.
C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\defaults folder moved successfully.
C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components folder moved successfully.
C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\chrome folder moved successfully.
C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949} folder moved successfully.
C:\Users\Ezzina Olfi\AppData\Roaming\Mozilla\Firefox\Profiles\itl1id5s.default\searchplugins\abuchak.xml moved successfully.
C:\Users\Ezzina Olfi\AppData\Roaming\Mozilla\Firefox\Profiles\itl1id5s.default\searchplugins\MyStart Search.xml moved successfully.
File C:\Users\Ezzina Olfi\AppData\Roaming\Mozilla\Firefox\Profiles\itl1id5s.default\searchplugins\SweetIM Search.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
C:\Program Files (x86)\facemoods.com\facemoods\1.4.15.13\bh\facemoods.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D}\ deleted successfully.
File C:\Program Files (x86)\msgplscomtb\MsgPlsComDx.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ not found.
File C:\Program Files (x86)\myBabylon_English\tbmyBa.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\ not found.
File C:\Program Files (x86)\Messenger_Plus\prxtbMes0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d8fb4583-db9d-4c7b-85be-294c13a3e5c4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8fb4583-db9d-4c7b-85be-294c13a3e5c4}\ not found.
File C:\Program Files (x86)\MessengerPlusLive_TB\tbMes1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
C:\Program Files (x86)\facemoods.com\facemoods\1.4.15.13\facemoodsTlbr.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found.
File C:\Program Files (x86)\free-downloads.net\prxtbfre0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D}\ not found.
File C:\Program Files (x86)\msgplscomtb\MsgPlsComDx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ not found.
File C:\Program Files (x86)\myBabylon_English\tbmyBa.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}\ not found.
File C:\Program Files (x86)\Messenger_Plus\prxtbMes0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{d8fb4583-db9d-4c7b-85be-294c13a3e5c4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8fb4583-db9d-4c7b-85be-294c13a3e5c4}\ not found.
File C:\Program Files (x86)\MessengerPlusLive_TB\tbMes1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ecdee021-0d17-467f-a1ff-c7a115230949} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found.
File downloads.net\prxtbfre0.dll not found.
Registry value HKEY_USERS\S-1-5-21-4208893176-3502703170-415781581-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}\ not found.
File C:\Program Files (x86)\myBabylon_English\tbmyBa.dll not found.
Registry value HKEY_USERS\S-1-5-21-4208893176-3502703170-415781581-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B760D5A4-8D24-4CB6-942E-D6BB540AD88C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B760D5A4-8D24-4CB6-942E-D6BB540AD88C}\ not found.
File C:\Program Files (x86)\Messenger_Plus\prxtbMes0.dll not found.
Registry value HKEY_USERS\S-1-5-21-4208893176-3502703170-415781581-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{ECDEE021-0D17-467F-A1FF-C7A115230949} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECDEE021-0D17-467F-A1FF-C7A115230949}\ not found.
File downloads.net\prxtbfre0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods deleted successfully.
C:\Program Files (x86)\facemoods.com\facemoods\1.4.15.13\facemoodssrv.exe moved successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\tbmyBa.dll not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Ezzina Olfi
->Temp folder emptied: 615633728 bytes
->Temporary Internet Files folder emptied: 196616040 bytes
->Java cache emptied: 25527351 bytes
->FireFox cache emptied: 67310249 bytes
->Google Chrome cache emptied: 9248422 bytes
->Flash cache emptied: 70403 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29784 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67977 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 872,00 mb


OTL by OldTimer - Version 3.2.28.0 log created on 09182011_193516

Files\Folders moved on Reboot...
C:\Users\Ezzina Olfi\AppData\Local\Temp\wzaa5a\IDMIntegrator64.exe moved successfully.
C:\Users\Ezzina Olfi\AppData\Local\Temp\wzaa5a\idmmkb.dll moved successfully.
C:\Users\Ezzina Olfi\AppData\Local\Temp\wzaa5a\IDMShellExt64.dll moved successfully.
C:\Users\Ezzina Olfi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

# AdwCleaner v1.305 - Rapport créé le 18/09/2011 à 19:55:07
# Mis à jour le 07/09/11 à 19h par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Ezzina Olfi - EZZINAOLFI-PC (Administrateur)
# Exécuté depuis : C:\Users\Ezzina Olfi\Desktop\adwcleaner0.exe
# Option [Recherche]


***** [Processus] *****


***** [Services] *****


***** [Fichiers / Dossiers] *****


***** [Registre] *****

Clé Présente : HKCU\Software\Conduit

***** [Registre (64 bits)] *****

[x64] Clé Présente : HKCU64\Software\Conduit

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v6.0.2 (fr)

Profil : itl1id5s.default
Fichier : C:\Users\Ezzina Olfi\AppData\Roaming\Mozilla\Firefox\Profiles\itl1id5s.default\prefs.js

Présente : user_pref("keyword.URL", "hxxp://abuchak.net/?ref=ff.1.1.101&q=");

Profil : xljhq149.default
Fichier : C:\Users\Ezzina Olfi\AppData\Roaming\Mozilla\Firefox\Profiles\xljhq149.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v [Impossible d'obtenir la version]

Fichier : C:\Users\Ezzina Olfi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [41505 octets] - [13/09/2011 19:14:18]
AdwCleaner[S1].txt - [0 octets] - [17/09/2011 02:13:26]
AdwCleaner[S2].txt - [1593 octets] - [17/09/2011 02:14:43]
AdwCleaner[R2].txt - [9420 octets] - [18/09/2011 19:55:07]

########## EOF - C:\AdwCleaner[R2].txt - [9548 octets] ##########
Olfi
 
Posts: 35
Joined: 13 Sep 2011, 09:45

Re: Infected PC.

Posted by Olfi » 18 Sep 2011, 20:12

OTL logfile created on: 18/09/2011 19:46:52 - Run 5
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Ezzina Olfi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,97 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,29% Memory free
7,93 Gb Paging File | 5,37 Gb Available in Paging File | 67,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,58 Gb Total Space | 128,31 Gb Free Space | 28,35% Space Free | Partition Type: NTFS
Drive D: | 12,98 Gb Total Space | 2,16 Gb Free Space | 16,67% Space Free | Partition Type: NTFS

Computer Name: EZZINAOLFI-PC | User Name: Ezzina Olfi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/13 18:22:21 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Ezzina Olfi\Desktop\OTL.exe
PRC - [2011/09/06 21:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/09/01 12:39:54 | 000,966,712 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/28 16:06:26 | 000,366,024 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
PRC - [2011/08/28 16:06:26 | 000,263,624 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\bin\ImApp.exe
PRC - [2011/08/01 04:32:20 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/08/01 04:32:10 | 003,507,088 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/07/25 21:44:53 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/07/20 11:28:38 | 001,376,304 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
PRC - [2011/06/16 08:24:20 | 000,141,824 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011/06/14 17:42:26 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/26 11:29:03 | 000,800,768 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/03/19 14:55:24 | 001,204,224 | ---- | M] (www.IslamicFinder.org) -- C:\Program Files (x86)\Athan\Athan.exe
PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/08/09 14:00:38 | 000,284,016 | ---- | M] (Driver-Soft Inc.) -- C:\Program Files (x86)\Driver-Soft\DriverGenius\TaskTray.exe
PRC - [2010/07/09 12:40:24 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/12/17 06:42:06 | 000,105,632 | ---- | M] (Corel) -- C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
PRC - [2009/07/23 19:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 10:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/03/03 11:38:40 | 000,145,736 | ---- | M] (Metacafe) -- C:\Program Files (x86)\Metacafe\MetacafeAgent.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/04/19 15:45:06 | 000,074,672 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
PRC - [2007/04/19 15:44:12 | 000,058,288 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmon.exe
PRC - [2006/06/13 17:11:46 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
PRC - [2002/10/25 16:29:20 | 000,311,296 | ---- | M] () -- C:\Program Files (x86)\Larousse\Larousse Expression\bin\olfTray.exe
PRC - [2002/10/25 11:39:54 | 000,966,656 | ---- | M] () -- C:\Program Files (x86)\Larousse\Larousse Expression\bin\OLF.exe
PRC - [2002/10/24 10:45:28 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Larousse\Shared\bin\HISrv3.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/18 19:42:03 | 000,115,137 | ---- | M] () -- C:\Users\Ezzina Olfi\AppData\Local\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll
MOD - [2011/08/31 03:37:32 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\49a869f7cecc4837d0ba80fd383b716f\System.Management.ni.dll
MOD - [2011/08/31 03:36:06 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e1794b5c931858179cdb9295b7c0fec8\System.Runtime.Remoting.ni.dll
MOD - [2011/08/31 03:35:59 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a033c53c05f563f780a669d5477c2281\System.Xaml.ni.dll
MOD - [2011/08/31 01:54:02 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ee3cfefc6b1c79b2654f6225b9f412d1\PresentationFramework.ni.dll
MOD - [2011/08/31 01:53:52 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dc7d4afaac16149920cb140efa9082a2\PresentationFramework.Aero.ni.dll
MOD - [2011/08/31 01:53:46 | 011,470,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\06c0cd2b5cfaed3923676f02469b0439\PresentationCore.ni.dll
MOD - [2011/08/31 01:53:41 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\99199c87964064eb6755eac087c82580\System.Windows.Forms.ni.dll
MOD - [2011/08/31 01:53:35 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\58d351e601da7071a83e73aec83f69b4\WindowsBase.ni.dll
MOD - [2011/08/31 01:53:32 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9de1ba31763ae79e1411e932830a359f\System.Drawing.ni.dll
MOD - [2011/08/31 01:53:29 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4788ba976ec6b1d6a725862d44bafcb3\System.Core.ni.dll
MOD - [2011/08/31 01:53:25 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bfc7d61ef8a7858140ffb0a610e9db39\System.Xml.ni.dll
MOD - [2011/08/31 01:53:21 | 009,086,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\647979acaa344a521052767a61d8adeb\System.ni.dll
MOD - [2011/08/31 01:53:15 | 014,409,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\07b8cdebc8d6a4a3ee47da99088be5cc\mscorlib.ni.dll
MOD - [2011/08/28 16:06:26 | 000,267,720 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\bin\ImLookExU.dll
MOD - [2011/08/28 16:06:26 | 000,132,552 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\bin\ImComUtlU.dll
MOD - [2011/08/28 16:06:26 | 000,071,112 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\bin\wlessfp1.dll
MOD - [2011/08/22 22:53:02 | 000,107,896 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\bin\PMC.dll
MOD - [2011/08/22 22:53:02 | 000,079,304 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll
MOD - [2011/08/19 23:09:51 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll
MOD - [2011/08/19 23:09:08 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8b3b6ed74cb3d94695b0eaf94a362d42\UIAutomationTypes.ni.dll
MOD - [2011/08/19 23:09:06 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
MOD - [2011/08/19 23:08:52 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
MOD - [2011/08/19 23:06:38 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
MOD - [2011/08/19 23:06:25 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b7d1c271ec6b4df64c95563fc81ffc2f\System.Data.ni.dll
MOD - [2011/08/19 23:06:19 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll
MOD - [2011/08/19 23:06:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011/08/19 23:06:11 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/08/19 23:06:11 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\404a96929233a9369c11956e9c0259c2\IAStorCommon.ni.dll
MOD - [2011/08/19 23:06:09 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\eb0d3659dc2d7c3c0738be9a95c92061\IAStorUtil.ni.dll
MOD - [2011/08/19 23:06:06 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/19 23:05:59 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/19 23:05:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/19 23:05:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/19 23:05:36 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/08/19 23:05:23 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/08/01 04:32:20 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/07/13 15:42:58 | 000,931,896 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Maps Service API.dll
MOD - [2011/07/13 15:41:54 | 010,837,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtWebKit4.dll
MOD - [2011/07/13 15:41:54 | 008,166,912 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtGui4.dll
MOD - [2011/07/13 15:41:54 | 002,551,296 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll
MOD - [2011/07/13 15:41:54 | 002,282,496 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtCore4.dll
MOD - [2011/07/13 15:41:54 | 001,288,192 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtScript4.dll
MOD - [2011/07/13 15:41:54 | 000,913,920 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtNetwork4.dll
MOD - [2011/07/13 15:41:54 | 000,676,864 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtOpenGL4.dll
MOD - [2011/07/13 15:41:54 | 000,416,256 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\sqldrivers\qsqlite4.dll
MOD - [2011/07/13 15:41:54 | 000,340,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXml4.dll
MOD - [2011/07/13 15:41:54 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\phonon4.dll
MOD - [2011/07/13 15:41:54 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Imageformats\qjpeg4.dll
MOD - [2011/07/13 15:41:54 | 000,190,464 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtSql4.dll
MOD - [2011/07/13 15:41:54 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Imageformats\qgif4.dll
MOD - [2011/07/13 15:41:52 | 002,246,656 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtDeclarative4.dll
MOD - [2011/07/13 15:12:46 | 000,508,416 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtMultimediaKit1.dll
MOD - [2011/07/13 15:12:46 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\mediaservice\dsengine.dll
MOD - [2011/07/13 15:12:18 | 000,378,880 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QxtCore.dll
MOD - [2011/07/13 15:12:18 | 000,159,232 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QxtWeb.dll
MOD - [2011/07/13 15:12:16 | 000,089,088 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\qjson.dll
MOD - [2011/07/13 15:12:14 | 000,392,080 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\ssoengine.dll
MOD - [2011/07/13 15:12:14 | 000,387,976 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\OviShareLib.dll
MOD - [2011/07/13 15:12:14 | 000,058,768 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\securestorage.dll
MOD - [2011/07/13 15:11:06 | 000,727,552 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/28 19:25:58 | 000,123,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/11/13 00:52:13 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/05/06 03:22:44 | 000,161,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Practices.EnterpriseLibrary.Common\3.1.0.0__b03f5f7f11d50a3a\Microsoft.Practices.EnterpriseLibrary.Common.dll
MOD - [2010/05/06 03:22:44 | 000,079,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling\3.1.0.0__b03f5f7f11d50a3a\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll
MOD - [2010/05/06 03:22:44 | 000,064,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Practices.ObjectBuilder\1.0.51206.0__b03f5f7f11d50a3a\Microsoft.Practices.ObjectBuilder.dll
MOD - [2010/03/19 10:45:36 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/03/19 10:45:36 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/03/19 10:45:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/03/08 21:08:28 | 000,282,697 | ---- | M] () -- C:\Program Files (x86)\Athan\vbp.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/21 04:23:09 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2009/08/21 04:23:06 | 000,245,760 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009/07/23 10:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/15 16:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/15 16:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/15 16:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/15 16:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/15 16:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/15 16:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/15 16:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/15 16:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2006/06/13 17:13:00 | 000,346,904 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Reference 2007\MSENCXML.DLL
MOD - [2006/06/13 17:13:00 | 000,260,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Reference 2007\ERSREGPR.DLL
MOD - [2006/06/13 17:13:00 | 000,228,120 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Reference 2007\MSENCDAT.DLL
MOD - [2006/06/13 17:13:00 | 000,178,968 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Reference 2007\ENCCONT.DLL
MOD - [2006/06/13 17:11:45 | 000,068,376 | ---- | M] () -- C:\Program Files (x86)\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICTEIT.EBK
MOD - [2006/03/07 11:29:48 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Metacafe\SystemUtils.dll
MOD - [2005/07/20 11:48:10 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\zlib1.dll
MOD - [2004/12/25 12:37:22 | 000,258,121 | ---- | M] () -- C:\Program Files (x86)\Athan\vbh.dll
MOD - [2004/03/20 13:49:40 | 000,229,444 | ---- | M] () -- C:\Program Files (x86)\Athan\vbq.dll
MOD - [2002/10/25 16:29:20 | 000,311,296 | ---- | M] () -- C:\Program Files (x86)\Larousse\Larousse Expression\bin\olfTray.exe
MOD - [2002/10/25 11:39:54 | 000,966,656 | ---- | M] () -- C:\Program Files (x86)\Larousse\Larousse Expression\bin\OLF.exe
MOD - [2002/10/24 10:45:28 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Larousse\Shared\bin\HISrv3.exe
MOD - [2002/10/24 10:43:28 | 000,446,464 | ---- | M] () -- C:\Program Files (x86)\Larousse\Shared\bin\HIIndex3.dll
MOD - [2002/10/11 10:48:24 | 000,135,168 | ---- | M] () -- C:\Windows\SysWOW64\KleiaHook.dll
MOD - [2002/10/01 18:18:10 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Larousse\Shared\bin\CHIDichoIndex.dll
MOD - [2000/09/28 08:27:10 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Larousse\Shared\bin\HILDataObj.dll
MOD - [2000/09/26 08:10:42 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Larousse\Shared\bin\HICompress.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/08/21 23:51:48 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/07/28 22:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/07/20 11:27:04 | 000,591,920 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\LEsrv.exe -- (Bluetooth Low Energy Service)
SRV:64bit: - [2011/07/20 11:26:50 | 001,250,352 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV:64bit: - [2011/07/20 11:26:46 | 004,187,696 | ---- | M] (Motorola Solutions, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV:64bit: - [2011/06/29 17:25:12 | 003,246,920 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV:64bit: - [2011/06/17 19:28:30 | 000,786,992 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/04/24 11:17:28 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/03/21 11:17:46 | 000,341,312 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe -- (NitroDriverReadSpool)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/28 03:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2007/04/19 15:43:56 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxczcoms.exe -- (lxcz_device)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/21 23:51:47 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/01 22:26:03 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/12/21 21:39:21 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/09 12:40:24 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/04/19 15:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxczcoms.exe -- (lxcz_device)
SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 21:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 21:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 21:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 21:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 21:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 21:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/28 23:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/07/28 23:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/28 21:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/25 19:10:44 | 000,684,416 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)
DRV:64bit: - [2011/07/25 14:29:54 | 000,026,200 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2011/07/22 11:28:38 | 000,175,192 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/07/06 18:12:50 | 000,367,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2011/06/10 14:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/05/18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/05/18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/05/18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/05/18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/05/18 10:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/07 22:54:50 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/03/17 16:52:34 | 000,146,568 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 18:33:16 | 000,052,736 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
DRV:64bit: - [2011/01/19 11:28:55 | 008,080,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Pilote de carte de la série Intel(R)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/26 14:18:58 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010/07/26 14:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/07/20 04:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 04:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 04:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/13 21:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/03/02 05:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Pilote de carte Intel(R)
DRV:64bit: - [2009/08/13 11:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/23 18:02:38 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/29 18:00:00 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2010/07/26 14:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010/01/29 11:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1999/09/25 17:03:10 | 000,014,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (Secdrv)
DRV - [1998/04/13 10:00:00 | 000,006,848 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\cvintdrv.sys -- (cvintdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - Reg Error: No CLSID value found. File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4208893176-3502703170-415781581-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-4208893176-3502703170-415781581-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4208893176-3502703170-415781581-1000\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - Reg Error: No CLSID value found. File not found
IE - HKU\S-1-5-21-4208893176-3502703170-415781581-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4208893176-3502703170-415781581-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/webhp?hl=fr"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.485.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: vinceturk@gmail.com:2.6.0.715
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.2.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..extensions.enabledItems: firefox@bandoo.com:5.0
FF - prefs.js..extensions.enabledItems: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {b760d5a4-8d24-4cb6-942e-d6bb540ad88c}:3.3.3.2
FF - prefs.js..keyword.URL: "http://abuchak.net/?ref=ff.1.1.101&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/25 21:45:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/07 08:45:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\components [2011/09/07 18:52:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\plugins [2011/09/15 14:55:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/07/15 13:44:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\vinceturk@gmail.com: C:\Program Files (x86)\KwiClick LLC\KwiClick\ [2010/10/02 00:56:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Ezzina Olfi\AppData\Roaming\IDM\idmmzcc3 [2011/08/23 16:38:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Ezzina Olfi\AppData\Roaming\IDM\idmmzcc3 [2011/08/23 16:38:08 | 000,000,000 | ---D | M]

[2011/01/24 21:29:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Extensions
[2011/09/18 19:35:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions
[2011/07/16 11:34:02 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/08/30 10:43:09 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/09/01 01:32:49 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/08/23 23:27:48 | 000,000,000 | ---D | M] (Billeo) -- C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}
[2011/08/16 13:52:29 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2011/06/05 10:17:36 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011/07/10 16:08:02 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\dictionary-switcher@design-noir.de
[2011/09/11 08:28:20 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\foxyproxy@eric.h.jung
[2011/09/18 02:12:22 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\piclens@cooliris.com
[2011/06/05 10:17:22 | 000,000,000 | ---D | M] (KwiClick) -- C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\itl1id5s.default\extensions\vinceturk@gmail.com
[2011/01/23 18:37:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ezzina Olfi\AppData\Roaming\mozilla\Firefox\Profiles\xljhq149.default\extensions
[2011/06/22 18:22:27 | 000,002,768 | ---- | M] () -- C:\Users\Ezzina Olfi\AppData\Roaming\Mozilla\Firefox\Profiles\itl1id5s.default\searchplugins\Plusnetwork.xml
[2011/07/19 13:29:15 | 000,003,915 | ---- | M] () -- C:\Users\Ezzina Olfi\AppData\Roaming\Mozilla\Firefox\Profiles\itl1id5s.default\searchplugins\sweetim.xml
[2011/09/07 08:45:06 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/07/25 21:45:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\{0C8FBD76-BDEB-4C52-9B24-D587CE7B9DC3}.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE80}.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\{15A82062-5139-4855-9706-130A8A4BE80C}.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\{1A2D0EC4-75F5-4C91-89C4-3656F6E44B68}.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\{25A1388B-6B18-46C3-BEBA-A81915D0DE8F}.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\{45E16761-660C-41A4-984F-56986FBA2137}.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\{7A88E876-D715-4503-A7BF-A8EBA13CA3F9}.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\{89F8DDE0-010A-11DA-8CD6-0800200C9A66}.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\{8B72860F-C5F8-4286-865E-D2C2DB98A9E6}.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\{902D2C4A-457A-4EF9-AD43-7014562929FF}.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\{AD48108D-92A6-4EB9-87E4-978ACA1DBAE4}.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\{C7661BD8-EC96-CF1F-ABB1-1F239FBDBBB9}.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\{CF47767D-5F3A-4E32-9FCE-5D79565C9702}.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\ADD-TO-SEARCHBOX@MALTEKRAUS.DE.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
() (No name found) -- C:\USERS\EZZINA OLFI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITL1ID5S.DEFAULT\EXTENSIONS\NOSQUINT@URANDOM.CA.XPI
Olfi
Posts: 35
Joined: 13 Sep 2011, 09:45

Re: Infected PC.

Post by Olfi » 18 Sep 2011, 20:13

O1 HOSTS File: ([2011/09/18 19:35:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Users\Ezzina Olfi\AppData\Local\Temp\wzaa5a\IDMIECC64.dll File not found
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Users\Ezzina Olfi\AppData\Local\Temp\wzaa5a\IDMIECC.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4208893176-3502703170-415781581-1000\..\Toolbar\WebBrowser - No CLSID value found.
O3: - HKU\S-1-5-21-4208893176-3502703170-415781581-1000\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKU\S-1-5-21-4208893176-3502703170-415781581-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4208893176-3502703170-415781581-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-4208893176-3502703170-415781581-1000\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKU\S-1-5-21-4208893176-3502703170-415781581-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3:64bit: - HKU\S-1-5-21-4208893176-3502703170-415781581-1000\..\Toolbar\WebBrowser - No CLSID value found.
O3: - HKU\S-1-5-21-4208893176-3502703170-415781581-1000\..\Toolbar\WebBrowser - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4208893176-3502703170-415781581-1000\..\Toolbar\WebBrowser - No CLSID value found.
O3: - HKU\S-1-5-21-4208893176-3502703170-415781581-1000\..\Toolbar\WebBrowser - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Athan] C:\Program Files (x86)\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [Standby] c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TaskTray] C:\Program Files (x86)\Driver-Soft\DriverGenius\TaskTray.exe (Driver-Soft Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4208893176-3502703170-415781581-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-4208893176-3502703170-415781581-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-4208893176-3502703170-415781581-1000..\Run: [IDMan] C:\Users\Ezzina Olfi\AppData\Local\Temp\wzaa5a\IDMan.exe /onboot File not found
O4 - HKU\S-1-5-21-4208893176-3502703170-415781581-1000..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-4208893176-3502703170-415781581-1000..\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun File not found
O4 - HKU\S-1-5-21-4208893176-3502703170-415781581-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-4208893176-3502703170-415781581-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-4208893176-3502703170-415781581-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-4208893176-3502703170-415781581-1000..\Run: [L07FXLRD_37137925] C:\Program Files (x86)\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-4208893176-3502703170-415781581-1000..\Run: [MediaDICO9Ut] C:\Program Files (x86)\Micro Application\7 Dictionnaires Utiles\LanceMediaDICO.exe Lancement File not found
O4 - HKU\S-1-5-21-4208893176-3502703170-415781581-1000..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Ezzina Olfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Ezzina Olfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk = File not found
O4 - Startup: C:\Users\Ezzina Olfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnk = C:\Program Files (x86)\Metacafe\MetacafeAgent.exe (Metacafe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-4208893176-3502703170-415781581-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8:64bit: - Extra context menu item: Télécharger avec IDM - C:\Users\Ezzina Olfi\AppData\Local\Temp\wzaa5a\IEExt.htm File not found
O8:64bit: - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Users\Ezzina Olfi\AppData\Local\Temp\wzaa5a\IEGetVL.htm File not found
O8:64bit: - Extra context menu item: Télécharger tous les liens avec IDM - C:\Users\Ezzina Olfi\AppData\Local\Temp\wzaa5a\IEGetAll.htm File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Télécharger avec IDM - C:\Users\Ezzina Olfi\AppData\Local\Temp\wzaa5a\IEExt.htm File not found
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Users\Ezzina Olfi\AppData\Local\Temp\wzaa5a\IEGetVL.htm File not found
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Users\Ezzina Olfi\AppData\Local\Temp\wzaa5a\IEGetAll.htm File not found
O9:64bit: - Extra Button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\Resources\fra.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\Resources\fra.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\Resources\fra.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\Resources\fra.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: Envoyer à Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Envoyer au périphérique &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinsta ... s-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F152D96-C42B-4069-82AE-F06856A01D55}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\wot - No CLSID value found
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0d06bd6b-ffa5-11df-bcb7-0027134ca7e7}\Shell - "" = AutoRun
O33 - MountPoints2\{0d06bd6b-ffa5-11df-bcb7-0027134ca7e7}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{0d06bd73-ffa5-11df-bcb7-0027134ca7e7}\Shell - "" = AutoRun
O33 - MountPoints2\{0d06bd73-ffa5-11df-bcb7-0027134ca7e7}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{0d06bd9b-ffa5-11df-bcb7-0027134ca7e7}\Shell - "" = AutoRun
O33 - MountPoints2\{0d06bd9b-ffa5-11df-bcb7-0027134ca7e7}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{0d06bdaa-ffa5-11df-bcb7-0027134ca7e7}\Shell - "" = AutoRun
O33 - MountPoints2\{0d06bdaa-ffa5-11df-bcb7-0027134ca7e7}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{0d06bdcd-ffa5-11df-bcb7-0027134ca7e7}\Shell - "" = AutoRun
O33 - MountPoints2\{0d06bdcd-ffa5-11df-bcb7-0027134ca7e7}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{b9947d97-4550-11df-be98-0027134ca7e7}\Shell - "" = AutoRun
O33 - MountPoints2\{b9947d97-4550-11df-be98-0027134ca7e7}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/18 11:12:40 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{A5D500CF-11D1-4766-93EB-47F37AA60995}
[2011/09/18 11:12:22 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{470E38FA-3DAD-4ADC-9778-3D6C6E2CB9C0}
[2011/09/17 21:24:50 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{756E337E-F84D-4652-8D42-B9B26F4474DD}
[2011/09/17 21:24:20 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{8AD30F1D-E3BC-4198-BA04-8BBE393B6C03}
[2011/09/17 09:24:05 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{B1A478E3-95BA-406E-B271-C3D7E8B84BD6}
[2011/09/17 09:23:43 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{1F83D670-09F5-4C2B-B07D-D3B186C07254}
[2011/09/16 21:23:15 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{124F4E45-9012-4952-B629-632BBC33485C}
[2011/09/16 21:22:52 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{6FC3C01A-BAFA-44FA-81BE-D0E591C22381}
[2011/09/16 09:22:08 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{808EFFE5-5FBB-46BD-AC1C-1187AA9C0867}
[2011/09/16 09:21:50 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{42508F7E-09EB-40B8-9983-D2B94BEABC26}
[2011/09/15 08:50:55 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{C2E99572-65A5-4E65-9276-0D3E34C8E9EF}
[2011/09/15 08:50:32 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{424D9A79-7F0B-4A90-9287-D835E0248510}
[2011/09/14 22:07:59 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\Desktop\ACTIVEKILLDISK
[2011/09/14 22:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ KillDisk
[2011/09/14 20:50:17 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{EFE0887B-800A-4498-9051-10D0EF006263}
[2011/09/14 20:49:54 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{0C7B2B6B-4A29-49CB-B037-957CE5F000D9}
[2011/09/14 08:48:58 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{98073CD3-A27C-4955-A6A6-081AD39932DF}
[2011/09/14 08:48:33 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{1497C4ED-833E-46D8-BF77-50E6B0E2FA4F}
[2011/09/13 19:08:58 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\Desktop\Nouveau dossier
[2011/09/13 18:22:15 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\Ezzina Olfi\Desktop\OTL.exe
[2011/09/12 23:10:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/12 18:37:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/12 18:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/09/12 18:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/09/12 18:02:40 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Ezzina Olfi\Desktop\erunt-setup.exe
[2011/09/12 13:21:21 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{28C75257-C999-46F4-AC10-4D4CC1868542}
[2011/09/12 13:20:56 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{3B6DDE19-7439-4260-93EB-101EA6D9D757}
[2011/09/12 02:26:44 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Roaming\Malwarebytes
[2011/09/12 02:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/12 02:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/12 02:26:08 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/12 02:26:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/12 01:03:19 | 000,000,000 | ---D | C] -- C:\FyK
[2011/09/11 22:50:28 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{5031EFC6-619F-4673-844E-90859D36B7FD}
[2011/09/11 22:49:51 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{B4A03021-DA38-452A-930C-4E40AC7A27D9}
[2011/09/11 08:25:29 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{6A3CB429-788D-4943-BC83-4E3AC80CE013}
[2011/09/11 08:24:38 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{EB93C149-6393-45F0-B017-00C30FA9F29B}
[2011/09/10 19:19:57 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{C0F2F843-99A4-4BA5-8DEE-4B210447052B}
[2011/09/10 19:19:34 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{7E8A87C4-68D1-4FA3-BB96-458DB1451F2C}
[2011/09/10 10:22:42 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\Documents\Games for Windows - LIVE Demos
[2011/09/10 07:18:53 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{ADDF78E7-5716-4DB7-A4C4-F3D23F4BD1A4}
[2011/09/10 07:18:41 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{DA40B89A-116F-441B-B4D1-93A28E9B8BDB}
[2011/09/09 19:05:24 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{E8DCDD53-53B0-4852-86F8-A29A21D52331}
[2011/09/09 19:05:00 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{158447E2-1984-4418-932B-9C9E589451D9}
[2011/09/09 13:04:53 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011/09/09 13:04:53 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011/09/09 13:03:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011/09/09 13:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/09/09 13:03:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011/09/09 07:04:32 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{6645CD28-9F19-4F0E-9633-46BB7C30BC91}
[2011/09/09 07:04:13 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{8D91D3A6-7190-47F8-AB56-DF01D0623234}
[2011/09/08 17:36:10 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{3E32A60F-A425-4923-8957-CA469F772990}
[2011/09/08 17:35:48 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{0C91D83B-FE59-41C3-BCDD-0F5FB40FE4EE}
[2011/09/08 05:35:19 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{BD3FF3C7-C928-4D29-94A3-6F3A32497B1E}
[2011/09/08 05:34:57 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{87F8A4A1-5AC9-4A7B-AB0F-50495519C75B}
[2011/09/07 17:34:41 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{7211A85F-6BB1-4D19-BD5D-7D302619CD69}
[2011/09/07 17:34:18 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{71C3EFDB-8BF1-4FCD-820F-594A6E515CBE}
[2011/09/07 05:33:50 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{2D8D8ACD-5CD8-4752-B53B-D66186A3D7A1}
[2011/09/07 05:33:21 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{A6B7AD2A-D37E-4FE4-9AD0-FB9AA4FC7310}
[2011/09/06 17:33:05 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{75D85B50-AEDF-4380-9216-6CA066577CA8}
[2011/09/06 17:32:42 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{C8C5262F-01A8-411C-838F-56FA3CEBF1ED}
[2011/09/06 05:32:13 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{888D8B96-59B2-400A-BFEE-1CF434339C30}
[2011/09/06 05:31:51 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{22A40C72-890A-42CF-9F8C-CC31E82BD14B}
[2011/09/05 19:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Pro Antivirus
[2011/09/05 19:56:22 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/09/05 19:56:22 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/09/05 19:56:22 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/09/05 19:56:22 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/09/05 19:56:22 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/09/05 19:56:21 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/09/05 19:55:51 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/09/05 19:55:51 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/05 19:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/09/05 19:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/05 17:31:20 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{DE02A4A9-7D3C-49AB-BB8E-121E54E213B0}
[2011/09/05 17:30:57 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{2EF8B27F-9F52-40BB-A06F-EEDFE4D09AB9}
[2011/09/05 01:21:02 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{15457CE4-F36A-4390-88C7-2D3692A9ED31}
[2011/09/05 01:20:35 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{C3D8AA38-2460-4486-BD32-55563FCA9567}
[2011/09/04 12:04:08 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{7C492A65-0753-4C53-B7EE-747F622B2BA9}
[2011/09/04 12:03:42 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{1F946EAC-7B15-495D-AF51-5B82EDD53F42}
[2011/09/03 21:46:53 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/09/03 21:23:30 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\assembly
[2011/09/03 20:31:12 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{6846F7D6-D084-47B7-84E4-0212A2FC5724}
[2011/09/03 20:30:45 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{E37203AB-B283-4FFB-84C2-0E5D1E32AB45}
[2011/09/03 01:17:18 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{C5F94CB2-7A47-45BF-B841-59459B46C0CC}
[2011/09/03 01:16:56 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{FEC385E4-C354-4818-B640-F519E22E4696}
[2011/09/03 01:07:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/09/02 13:13:31 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{82915E8C-3F3E-42CE-80C5-DB03363B3216}
[2011/09/02 13:12:13 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{8E83638E-1059-46A2-9DFC-951296A55E59}
[2011/09/01 01:26:23 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{62D5204F-70C6-455C-9FC5-A78FB4169049}
[2011/09/01 01:26:01 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{7BCD4C22-08F4-402F-B843-B76B4BC302E0}
[2011/08/31 04:37:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\System32
[2011/08/31 03:57:20 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{E9981071-51C0-46DF-8A10-ACF4F403749D}
[2011/08/31 03:57:01 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{CFA42BF9-C272-4430-8391-7C913EF0AD13}
[2011/08/31 01:48:14 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\Samsung
[2011/08/31 01:47:11 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2011/08/31 01:47:01 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2011/08/30 15:56:32 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{A791FE9E-1512-44C5-928C-4FADDBC93293}
[2011/08/30 15:56:20 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{1DED3E50-1881-4408-97E5-D46F761D835A}
[2011/08/30 03:55:38 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{84D3832B-4D1D-495B-BA4B-4FB954289F04}
[2011/08/30 03:55:26 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{675EAD6F-4951-430F-9418-6507131A30D6}
[2011/08/29 15:36:30 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{410DE6B0-0135-45BF-9485-3577A5A2EE5F}
[2011/08/29 15:36:07 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{3217BC4A-3FBE-46F5-A586-AFFAA8583A41}
[2011/08/29 03:35:39 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{566122F4-4679-4307-99D8-5A171FEA7E02}
[2011/08/29 03:35:17 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{5CA9676A-CC6B-4BF0-9AA4-2D571749E632}
[2011/08/28 21:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/08/28 15:34:21 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{92B2544F-D53A-4DFD-B875-131BB65C72B7}
[2011/08/28 15:34:00 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{736CE1BF-95B9-4533-83E6-17ADA993FDA1}
[2011/08/27 20:48:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oodag
[2011/08/27 20:37:45 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\O&O
[2011/08/27 20:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2011/08/27 20:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2011/08/27 16:51:56 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{D1DAE756-AC6D-4E6F-A040-54505FD68404}
[2011/08/27 16:51:28 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{6EB887A3-E561-48EB-80FF-EEA1B51310CC}
[2011/08/27 02:58:18 | 003,215,872 | ---- | C] (L'Aventure Multimedia) -- C:\Windows\MDDico7.dll
[2011/08/27 02:58:18 | 000,466,944 | ---- | C] (L'Aventure MultiMedia) -- C:\Windows\RACHook7.dll
[2011/08/27 02:58:13 | 000,388,608 | ---- | C] (L'Aventure Multimedia) -- C:\Windows\LMDDico7.exe
[2011/08/27 01:02:55 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{7AD190E4-E9E8-4E82-A69A-E6209EB76F6C}
[2011/08/27 01:02:21 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{FA7E1B7D-487C-47CE-9B48-D608A24F82B3}
[2011/08/26 11:43:06 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{EFAEE912-C994-4D5A-96C8-3484435E5004}
[2011/08/26 11:42:50 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{9F626C7D-0A8A-4462-9E7B-D6A973D2609D}
[2011/08/26 03:05:02 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Roaming\FileZilla
[2011/08/26 03:04:35 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/08/26 03:04:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2011/08/26 02:58:01 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emoticon
[2011/08/26 02:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emoticon
[2011/08/25 20:08:44 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{8A228B02-9130-46A3-8ED7-8A56B9C7B657}
[2011/08/25 20:08:19 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{7756DE91-92DE-40BC-9581-D6B98B267337}
[2011/08/24 18:16:09 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{FBB2BDF4-CDEA-485E-9278-65FEEEEDA416}
[2011/08/24 18:15:10 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{E5F501B6-FE2D-460B-BC48-D97A0E795342}
[2011/08/24 03:33:52 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{74F1B219-F43C-4044-955A-F74C1EC27C6B}
[2011/08/24 03:33:29 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{57A589B6-8413-4BE4-B85A-8AA4924CB920}
[2011/08/23 16:38:08 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Roaming\IDM
[2011/08/23 15:58:14 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2011/08/23 15:32:51 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{AE6AC7C4-7263-45E6-BFD6-8CA51E8F386B}
[2011/08/23 15:32:27 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{FAA8FFAD-2D44-4173-9AD0-B2285D1C239D}
[2011/08/23 02:21:42 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{7219F85B-82C4-43B3-8570-EB3A84CB7703}
[2011/08/23 02:21:20 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{2D34C6ED-50F9-4033-B499-2EEE7B51C1C0}
[2011/08/22 14:20:39 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{CAFBCFFB-C86A-4AD4-BF8E-A63ADF465D54}
[2011/08/22 14:20:18 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{163759A1-FEAD-4842-ACAB-72EFE326E114}
[2011/08/21 23:58:17 | 003,147,368 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkHDM64.dll
[2011/08/21 23:58:11 | 000,367,976 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys
[2011/08/21 23:58:08 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll
[2011/08/21 23:58:07 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll
[2011/08/21 23:58:06 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll
[2011/08/21 23:58:05 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll
[2011/08/21 23:58:02 | 002,432,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RHDMEx64.dll
[2011/08/21 23:57:58 | 000,092,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RHCoInst64.dll
[2011/08/21 23:57:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll
[2011/08/21 23:57:51 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll
[2011/08/21 23:57:44 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll
[2011/08/21 23:57:42 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll
[2011/08/21 23:57:38 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll
[2011/08/21 23:57:37 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll
[2011/08/21 23:57:35 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll
[2011/08/21 23:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/08/21 23:52:47 | 000,052,736 | ---- | C] (Motorola Solutions, Inc.) -- C:\Windows\SysNative\drivers\btmcom.sys
[2011/08/21 23:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth
[2011/08/21 23:52:31 | 000,009,048 | ---- | C] (Motorola Solutions, Inc.) -- C:\Windows\SysNative\btmsstverschk.dll
[2011/08/21 23:52:16 | 000,684,416 | ---- | C] (Motorola Solutions, Inc.) -- C:\Windows\SysNative\drivers\btmusb.sys
[2011/08/21 23:52:16 | 000,327,000 | ---- | C] (Motorola Solutions, Inc.) -- C:\Windows\SysNative\btmcls.dll
[2011/08/21 23:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2011/08/21 23:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011/08/21 23:51:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011/08/21 23:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/08/21 23:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/08/21 23:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/08/21 23:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/08/21 23:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Pro Control Center
[2011/08/21 20:09:40 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{0D7EF49F-F7FA-4343-9ABB-6689C891F796}
[2011/08/21 20:09:14 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{C2F1A167-6847-4886-AADE-6CBA70BFA098}
[2011/08/20 23:55:47 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{9E225B50-7DE8-46E9-8E96-73660C76F32C}
[2011/08/20 23:55:24 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{28EC91D1-860D-4F10-96B2-78ED4B9DFAB1}
[2011/08/20 11:54:40 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{18189845-CD14-43EB-9520-70E9F5563336}
[2011/08/20 11:54:00 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{B5D243F3-80D3-4CAC-86D0-2CA61634F181}
[2011/08/20 02:51:24 | 000,000,000 | ---D | C] -- C:\Users\Ezzina Olfi\AppData\Local\{582F0914-E156-4561-A07C-BF4E2EEA024F}
[2010/07/28 19:51:34 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll
[2010/07/28 19:51:34 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll
[2010/07/28 19:51:34 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll
[2010/07/28 19:51:33 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll
[2010/07/28 19:51:33 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll
[2010/07/28 19:51:33 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll
[2010/07/28 19:51:33 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll
[2010/07/28 19:51:33 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll
[2010/07/28 19:51:33 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcoms.exe
[2010/07/28 19:51:33 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll
[2010/07/28 19:51:33 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe
[2010/07/28 19:51:33 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcfg.exe
[2010/07/28 19:51:33 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczppls.exe
[2010/07/28 19:51:33 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll
[2010/07/28 19:51:33 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll
[1 C:\Users\Ezzina Olfi\AppData\Local\*.tmp files -> C:\Users\Ezzina Olfi\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/18 19:47:41 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/18 19:47:41 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/18 19:47:01 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/18 19:38:36 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/18 19:38:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/18 19:37:57 | 3195,420,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/18 19:37:55 | 000,062,524 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2011/09/18 19:35:39 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/09/18 09:48:51 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/09/16 20:19:51 | 002,049,024 | ---- | M] () -- C:\Users\Ezzina Olfi\Documents\Outlook.pst
[2011/09/15 18:19:20 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/09/14 08:52:50 | 000,001,093 | ---- | M] () -- C:\Users\Ezzina Olfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/14 08:52:50 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/13 19:17:13 | 000,459,264 | ---- | M] () -- C:\Users\Ezzina Olfi\Desktop\CKScanner.exe
[2011/09/13 19:01:43 | 000,471,194 | ---- | M] () -- C:\Users\Ezzina Olfi\Desktop\adwcleaner0.exe
[2011/09/13 18:22:21 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Ezzina Olfi\Desktop\OTL.exe
[2011/09/13 17:53:03 | 001,582,936 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/13 17:53:03 | 000,715,730 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/09/13 17:53:03 | 000,627,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/13 17:53:03 | 000,135,190 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/09/13 17:53:03 | 000,110,790 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/12 18:33:50 | 000,001,064 | ---- | M] () -- C:\Users\Ezzina Olfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/09/12 18:33:49 | 000,000,884 | ---- | M] () -- C:\Users\Ezzina Olfi\Desktop\NTREGOPT.lnk
[2011/09/12 18:33:48 | 000,000,865 | ---- | M] () -- C:\Users\Ezzina Olfi\Desktop\ERUNT.lnk
[2011/09/12 18:02:43 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Ezzina Olfi\Desktop\erunt-setup.exe
[2011/09/09 21:43:31 | 000,084,810 | ---- | M] () -- C:\Users\Ezzina Olfi\Desktop\44.pdf
[2011/09/08 08:54:12 | 000,002,100 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2011/09/07 18:52:56 | 000,002,155 | ---- | M] () -- C:\Users\Ezzina Olfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/07 18:52:56 | 000,002,155 | ---- | M] () -- C:\Users\Ezzina Olfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 9.lnk
[2011/09/07 08:45:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/09/06 21:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/09/06 21:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/06 21:45:17 | 000,254,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/09/06 21:38:18 | 000,601,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/09/06 21:38:16 | 000,301,912 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/09/06 21:36:41 | 000,058,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/09/06 21:36:41 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/09/06 21:36:30 | 000,065,368 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/09/06 21:36:14 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/09/05 19:56:23 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2011/09/03 21:46:44 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/09/03 21:46:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/09/03 21:46:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/09/03 21:46:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/09/03 21:23:19 | 000,001,091 | ---- | M] () -- C:\Users\Ezzina Olfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/31 01:48:08 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011/08/31 01:47:16 | 000,001,937 | ---- | M] () -- C:\Users\Ezzina Olfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2011/08/28 21:26:43 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/08/28 16:06:57 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Wallpapers by IncrediMail.lnk
[2011/08/28 16:06:57 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2011/08/28 16:06:57 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\Speed up your computer!.lnk
[2011/08/28 16:06:57 | 000,001,965 | ---- | M] () -- C:\Users\Ezzina Olfi\Application Data\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk
[2011/08/27 20:37:30 | 000,002,687 | ---- | M] () -- C:\Users\Public\Desktop\O&O Defrag.lnk
[2011/08/27 02:58:19 | 000,002,201 | ---- | M] () -- C:\Users\Public\Desktop\7 Dictionnaires Utiles.lnk
[2011/08/26 04:08:55 | 000,001,401 | ---- | M] () -- C:\Users\Ezzina Olfi\Desktop\FS_Salah - Raccourci.lnk
[2011/08/26 03:04:43 | 000,001,960 | ---- | M] () -- C:\Users\Ezzina Olfi\Desktop\FileZilla Client.lnk
[2011/08/24 18:37:56 | 000,002,197 | ---- | M] () -- C:\Users\Ezzina Olfi\Documents\wmndata.xn
[1 C:\Users\Ezzina Olfi\AppData\Local\*.tmp files -> C:\Users\Ezzina Olfi\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/14 08:52:50 | 000,001,093 | ---- | C] () -- C:\Users\Ezzina Olfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/13 19:17:11 | 000,459,264 | ---- | C] () -- C:\Users\Ezzina Olfi\Desktop\CKScanner.exe
[2011/09/13 19:01:39 | 000,471,194 | ---- | C] () -- C:\Users\Ezzina Olfi\Desktop\adwcleaner0.exe
[2011/09/12 21:54:41 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/09/12 18:33:50 | 000,001,064 | ---- | C] () -- C:\Users\Ezzina Olfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/09/12 18:33:48 | 000,000,884 | ---- | C] () -- C:\Users\Ezzina Olfi\Desktop\NTREGOPT.lnk
[2011/09/12 18:33:48 | 000,000,865 | ---- | C] () -- C:\Users\Ezzina Olfi\Desktop\ERUNT.lnk
[2011/09/12 02:26:11 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/09 21:43:30 | 000,084,810 | ---- | C] () -- C:\Users\Ezzina Olfi\Desktop\44.pdf
[2011/09/05 19:56:23 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2011/08/31 01:48:08 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011/08/31 01:47:16 | 000,001,937 | ---- | C] () -- C:\Users\Ezzina Olfi\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2011/08/28 21:26:43 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/08/28 01:38:52 | 000,062,524 | ---- | C] () -- C:\Windows\SysNative\oodbs.lor
[2011/08/27 20:37:30 | 000,002,687 | ---- | C] () -- C:\Users\Public\Desktop\O&O Defrag.lnk
[2011/08/27 02:58:19 | 000,002,201 | ---- | C] () -- C:\Users\Public\Desktop\7 Dictionnaires Utiles.lnk
[2011/08/26 04:08:55 | 000,001,401 | ---- | C] () -- C:\Users\Ezzina Olfi\Desktop\FS_Salah - Raccourci.lnk
[2011/08/26 03:04:43 | 000,001,960 | ---- | C] () -- C:\Users\Ezzina Olfi\Desktop\FileZilla Client.lnk
[2011/08/24 18:37:56 | 000,002,197 | ---- | C] () -- C:\Users\Ezzina Olfi\Documents\wmndata.xn
[2011/08/22 22:54:25 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Wallpapers by IncrediMail.lnk
[2011/07/28 17:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/07/06 01:51:09 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\KleiaHook.dll
[2011/06/19 11:31:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dvdtest10024.dat
[2011/05/06 22:38:58 | 000,004,305 | ---- | C] () -- C:\Windows\jdxgtf_x64.ini
[2011/05/06 22:38:58 | 000,001,441 | ---- | C] () -- C:\Windows\cqmf_mz16.ini
[2011/05/06 22:14:55 | 000,446,464 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll
[2011/05/06 22:14:55 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\ic32.ini
[2011/04/27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/04/27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/04/27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/04/27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/04/27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/05 20:09:20 | 000,001,854 | ---- | C] () -- C:\Users\Ezzina Olfi\AppData\Roaming\GhostObjGAFix.xml
[2010/12/29 19:36:29 | 000,024,064 | ---- | C] () -- C:\Users\Ezzina Olfi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/27 00:28:52 | 000,000,026 | ---- | C] () -- C:\Windows\grwin.ini
[2010/11/27 20:38:02 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010/10/10 10:09:40 | 000,635,392 | ---- | C] () -- C:\Windows\SysWow64\Bescherelle_Conjugaison.exe
[2010/08/07 16:39:31 | 000,153,088 | ---- | C] () -- C:\Program Files (x86)\UNWISE.EXE
[2010/07/30 00:14:11 | 000,000,244 | ---- | C] () -- C:\Users\Ezzina Olfi\AppData\Roaming\wklnhst.dat
[2010/07/28 19:51:34 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll
[2010/07/28 19:51:34 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll
[2010/07/28 18:16:59 | 000,000,092 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010/07/20 16:57:13 | 000,000,045 | -H-- | C] () -- C:\Windows\dsez7537.dat
[2010/07/17 15:16:47 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\drivers\GameNT.sys
[2010/05/06 03:22:57 | 001,603,532 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/07 18:08:42 | 000,006,848 | ---- | C] () -- C:\Windows\SysWow64\drivers\cvintdrv.sys
[2010/03/18 23:03:41 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/02/20 21:40:22 | 000,000,436 | ---- | C] () -- C:\Windows\BAssoc.ini
[2010/01/06 11:50:12 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\vidalhelper.dll
[2009/08/20 20:45:12 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009/08/20 18:32:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/15 16:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1999/09/25 17:03:10 | 000,014,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\SECDRV.SYS
[1997/06/14 08:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

========== Files - Unicode (All) ==========
[2011/05/10 17:59:13 | 000,023,552 | ---- | M] ()(C:\Users\Ezzina Olfi\Documents\? ?? ??????? ?? ????.doc) -- C:\Users\Ezzina Olfi\Documents\إ ني اخترُتك يا وطني.doc
[2011/05/10 17:59:12 | 000,023,552 | ---- | C] ()(C:\Users\Ezzina Olfi\Documents\? ?? ??????? ?? ????.doc) -- C:\Users\Ezzina Olfi\Documents\إ ني اخترُتك يا وطني.doc
[2011/05/10 17:57:54 | 000,024,576 | ---- | M] ()(C:\Users\Ezzina Olfi\Documents\?????? ??? ???.doc) -- C:\Users\Ezzina Olfi\Documents\تصبحون على وطن.doc
[2011/05/10 17:57:53 | 000,024,576 | ---- | C] ()(C:\Users\Ezzina Olfi\Documents\?????? ??? ???.doc) -- C:\Users\Ezzina Olfi\Documents\تصبحون على وطن.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\ProgramData\Temp:635FFD7D

< End of report >
Olfi

Posts: 35
Joined: 13 Sep 2011, 09:45

Re: Infected PC.

Post by nickW » 18 Sep 2011, 23:24

Good evening,

In Firefox, under Tools ----> Add-ons ----> Extensions, can you disable and then remove Connectbar?

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Re: Infected PC.

Post by Olfi » 19 Sep 2011, 00:08

Good evening,
I did as you asked. Fortunately, new tabs now open without Abuchak, but I cannot get to the page for my yahoo.fr e-mail address (all my contacts are on that address, and I have been unable to reach them or read my other mail for almost three weeks), even though I can access my other address at yahoo.com.
Thank you
Best regards,
Ezzina OLFI

Re: Infected PC.

Post by nickW » 20 Sep 2011, 00:25

Good evening,

According to the OTL scan reports, it seems that in Firefox JavaScript is not allowed for the yahoo.fr site (whereas it is for yahoo.com and yahoo.net), which could explain the blockage.

Could you:
*- Start Firefox
*- Go to the Tools menu ----> Add-ons ----> Extensions
*- Scroll down to NoScript and click the Options button
*- In the NoScript Options window, click the Whitelist tab
*- In the Address of web site: field, type yahoo.fr and then click the Allow button
*- Confirm by clicking OK
*- Close the Add-ons Manager tab


Can you access your account now?

To be continued,
nickW

Re: Infected PC.

Post by Olfi » 20 Sep 2011, 10:29

Hello,
The Yahoo France sign-in page still asks me for my password even though the server identifies me by my Yahoo ID. I enter my password several times, and I am certain it is correct, yet the sign-in page keeps opening and asking me to enter my password.
There is an alert message that opens at startup; I will send it in my next message.
Best regards,
Ezzina OLFI

Re: Infected PC.

Post by nickW » 20 Sep 2011, 15:19

Hello,

You don't say whether the procedure to allow JavaScript for yahoo.fr changed anything!

Does Firefox accept cookies from the yahoo.fr site?

To be continued,
nickW
