Problèmes redirection google

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

Problèmes redirection google

Messagede Hebus » 07 Avr 2010, 18:12

Bonjour à tous

Lorsque je lance une recherche sur google je suis régulièrement redirigé vers d'autres sites
Mon antivirus mcafee a été désactivé et je ne peux plus me connecter sur le site alors que mon abonnement est valable jusqu'en 2011
Ralentissement du système

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Version de la base de données: 3966

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

07/04/2010 18:29:17
mbam-log-2010-04-07 (18-29-17).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 107568
Temps écoulé: 4 minute(s), 57 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 27

Processus mémoire infecté(s):
C:\Program Files\webserver\webserver.exe (Worm.KoobFace) -> No action taken.

Module(s) mémoire infecté(s):
c:\Windows\System32\o6ko.dll (Worm.KoobFace) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvoko6 (Worm.KoobFace) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\webserver (Worm.KoobFace) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom (Trojan.Patched) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\o6ko (Worm.KoobFace) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop sms (Worm.P2P) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc6 (Worm.KoobFace) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Windows\System32\o6ko.dll (Worm.KoobFace) -> No action taken.
C:\Program Files\webserver\webserver.exe (Worm.KoobFace) -> No action taken.
C:\Windows\System32\drivers\o6ko.sys (Worm.KoobFace) -> No action taken.
C:\Windows\Temp\7DDF.tmp (Malware.Packer.Gen) -> No action taken.
C:\Windows\Temp\7DFD.tmp (Trojan.Agent.Gen) -> No action taken.
C:\Windows\Temp\8883.tmp (Malware.Packer.Gen) -> No action taken.
C:\Windows\Temp\7DFF.tmp (Malware.Packer.Gen) -> No action taken.
C:\Windows\Temp\8844.tmp (Malware.Packer.Gen) -> No action taken.
C:\Windows\Temp\8881.tmp (Trojan.Agent.Gen) -> No action taken.
C:\Windows\bill103.exe (Trojan.Dropper) -> No action taken.
C:\Windows\ligh (Koobface.Trace) -> No action taken.
C:\Windows\System32\drivers\cdrom.sys (Trojan.Patched) -> No action taken.
C:\Windows\bk23567.dat (KoobFace.Trace) -> No action taken.
C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) -> No action taken.
C:\Users\Bernard\Local Settings\Application Data\gpiic_nav.dat (Adware.NaviPromo) -> No action taken.
C:\Users\Bernard\Local Settings\Application Data\gpiic_navps.dat (Adware.NaviPromo) -> No action taken.
C:\Users\Bernard\Local Settings\Application Data\010112010146111103.xxe (Worm.KoobFace) -> No action taken.
C:\Users\Bernard\Local Settings\Application Data\rdr_1268070167.exe (Worm.KoobFace) -> No action taken.
C:\Users\Bernard\Local Settings\Application Data\rdr_1268070500.exe (Worm.KoobFace) -> No action taken.
C:\Users\Bernard\Local Settings\Application Data\rdr_1268084116.exe (Worm.KoobFace) -> No action taken.
C:\Users\Bernard\Local Settings\Application Data\rdr_1268113277.exe (Worm.KoobFace) -> No action taken.
C:\Users\Bernard\Local Settings\Application Data\rdr_1268113604.exe (Worm.KoobFace) -> No action taken.
C:\Users\Bernard\Local Settings\Application Data\rdr_1268154047.exe (Worm.KoobFace) -> No action taken.
C:\Users\Bernard\Local Settings\Application Data\rdr_1268193955.exe (Worm.KoobFace) -> No action taken.
C:\Users\Bernard\Local Settings\Application Data\rdr_1268194326.exe (Worm.KoobFace) -> No action taken.
C:\Users\Bernard\Local Settings\Application Data\rdr_1268221900.exe (Worm.KoobFace) -> No action taken.
C:\Users\Bernard\Local Settings\Application Data\rdr_1268222457.exe (Worm.KoobFace) -> No action taken.
Hebus
 
Messages: 5
Inscription: 07 Avr 2010, 17:03

Messagede Hebus » 07 Avr 2010, 18:12

OTL logfile created on: 07/04/2010 18:35:13 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\Bernard\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,66 Gb Total Space | 89,35 Gb Free Space | 59,31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 145,97 Gb Total Space | 140,87 Gb Free Space | 96,51% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-BERNARD
Current User Name: Bernard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/07 18:11:12 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Bernard\Desktop\OTL.exe
PRC - [2010/03/07 13:14:23 | 000,015,360 | ---- | M] () -- C:\Program Files\webserver\webserver.exe
PRC - [2009/11/16 12:24:36 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/04/23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2009/04/08 12:38:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/03/02 12:41:52 | 003,399,727 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe
PRC - [2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/10 22:48:49 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/16 12:53:46 | 001,079,808 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
PRC - [2008/04/15 17:59:38 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/03/26 18:41:50 | 001,232,896 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2008/03/19 15:24:20 | 000,474,624 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2008/03/10 09:58:18 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/02/22 09:11:02 | 000,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/01/25 15:43:22 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2008/01/22 11:00:30 | 004,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/21 04:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/09 15:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/12/25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/25 14:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/12/03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/10/25 17:41:18 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/06/18 11:51:10 | 001,507,328 | ---- | M] (Interactive Digital Media) -- C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
PRC - [2007/04/13 08:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/04/03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/03/29 15:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2007/02/12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/04/07 18:11:12 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Bernard\Desktop\OTL.exe
MOD - [2008/11/27 06:35:06 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll
MOD - [2008/08/28 05:37:46 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2008/05/27 07:18:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2008/03/08 06:21:55 | 001,695,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
MOD - [2008/01/21 04:25:29 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2008/01/21 04:25:25 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
MOD - [2008/01/21 04:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008/01/21 04:25:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2008/01/21 04:24:56 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008/01/21 04:24:46 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
MOD - [2008/01/21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2008/01/21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2008/01/21 04:24:19 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
MOD - [2008/01/21 04:24:08 | 002,226,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
MOD - [2008/01/21 04:23:55 | 000,595,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
MOD - [2008/01/21 04:23:50 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2008/01/21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2007/01/18 10:30:00 | 000,094,208 | ---- | M] () -- C:\Program Files\IDM\Desktop SMS\oehook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (webserverfdPHostwercplsupport)
SRV - File not found [Auto | Stopped] -- -- (webserverfdPHost)
SRV - File not found [Auto | Stopped] -- -- (WcsPlugInServiceGoogleDesktopManager-110309-193829)
SRV - File not found [Auto | Stopped] -- -- (TOSHIBA Bluetooth Service)
SRV - File not found [Auto | Stopped] -- -- (RasManLanmanWorkstation)
SRV - File not found [Auto | Stopped] -- -- (PcaSvcehstart)
SRV - File not found [Auto | Stopped] -- -- (lmhostsWPCSvc)
SRV - File not found [Auto | Stopped] -- -- (COMSysAppPNRPsvc)
SRV - File not found [Auto | Stopped] -- -- (BonjourShellHWDetection)
SRV - File not found [Auto | Stopped] -- -- (AppinfoIPBusEnum)
SRV - [2010/03/07 13:14:23 | 000,015,360 | ---- | M] () [Auto | Running] -- C:\Program Files\webserver\webserver.exe -- (webserver)
SRV - [2009/11/16 12:24:36 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/11/01 08:50:14 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/04/08 12:38:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/01/21 14:08:06 | 001,095,560 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 13:40:56 | 000,348,752 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/04/15 17:59:38 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/21 04:24:58 | 000,108,544 | ---- | M] (Alt-N Technologies, Ltd.) [Auto | Running] -- C:\Windows\System32\o6ko.dll -- (srvoko6)
SRV - [2008/01/21 04:23:43 | 000,062,976 | --S- | M] () [Auto | Stopped] -- C:\Windows\System32\acluii.exe -- (PcaSvcFontCache3.0.0.0)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/04/13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/02/12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2009/10/08 06:07:48 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/07/14 18:06:51 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/03/06 16:45:06 | 000,130,424 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/11/03 02:34:19 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/11/03 02:34:18 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/11/03 02:34:18 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/06/26 23:02:10 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
DRV - [2008/06/26 23:02:10 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/03/17 12:57:52 | 000,103,680 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008/03/17 12:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/02/01 12:46:08 | 000,187,904 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (CnxtHdAudAddService)
DRV - [2008/01/30 17:24:00 | 003,483,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/21 15:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/21 04:24:58 | 000,032,768 | ---- | M] (iS3, Inc) [Kernel | System | Running] -- C:\Windows\System32\drivers\o6ko.sys -- (o6ko)
DRV - [2008/01/21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Pilote de carte Intel(R)
DRV - [2008/01/21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 04:23:02 | 000,067,072 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2008/01/21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/15 11:34:58 | 000,048,472 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007/12/17 11:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/06 11:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/11/29 18:58:56 | 000,196,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/29 10:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007/11/29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/29 10:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007/11/29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007/11/09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/11/01 01:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 01:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/11/01 01:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/17 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/09/26 06:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Pilote de carte Intel(R)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/09 17:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2007/01/29 07:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 09:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006/10/23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/07/10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006/07/05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006/06/14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3521758362-741567923-3467923523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3521758362-741567923-3467923523-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.startup.homepage: "http://google.fr"
FF - prefs.js..extensions.enabledItems: {b66bc4c3-6d25-4a10-8c59-01daa9063051}:1.5.1
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/12 14:02:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/07 16:13:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/07 16:13:03 | 000,000,000 | ---D | M]

[2008/11/12 14:29:02 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\mozilla\Extensions
[2008/10/28 22:11:10 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/04/07 14:56:29 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\mozilla\Firefox\Profiles\bnwli45v.default\extensions
[2009/10/25 13:46:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bernard\AppData\Roaming\mozilla\Firefox\Profiles\bnwli45v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/01 06:48:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Bernard\AppData\Roaming\mozilla\Firefox\Profiles\bnwli45v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/01 06:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernard\AppData\Roaming\mozilla\Firefox\Profiles\bnwli45v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
[2009/02/03 08:04:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Bernard\AppData\Roaming\mozilla\Firefox\Profiles\bnwli45v.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/05/22 06:06:45 | 000,000,000 | ---D | M] (FoxGame) -- C:\Users\Bernard\AppData\Roaming\mozilla\Firefox\Profiles\bnwli45v.default\extensions\{b66bc4c3-6d25-4a10-8c59-01daa9063051}
[2010/01/30 01:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernard\AppData\Roaming\mozilla\Firefox\Profiles\bnwli45v.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/05/11 19:55:54 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\mozilla\Firefox\Profiles\bnwli45v.default\extensions\OberonGameHost@OberonGames.com
[2008/08/17 16:49:31 | 000,000,523 | ---- | M] () -- C:\Users\Bernard\AppData\Roaming\Mozilla\FireFox\Profiles\bnwli45v.default\searchplugins\daemon-search.xml
[2009/03/26 16:39:25 | 000,001,775 | ---- | M] () -- C:\Users\Bernard\AppData\Roaming\Mozilla\FireFox\Profiles\bnwli45v.default\searchplugins\live-search.xml
[2010/04/07 14:56:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/07 16:12:59 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/07 16:12:59 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/07 16:12:59 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/07 16:13:00 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/07 16:13:00 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/04/07 16:55:49 | 000,000,698 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (no name) - {66886C4D-B307-4ECA-A228-52CA9B9851A4} - No CLSID value found.
O3 - HKU\S-1-5-21-3521758362-741567923-3467923523-1000\..\Toolbar\WebBrowser: (no name) - {00000000-F024-046A-5CEB-CA750AEB8EF7} - No CLSID value found.
O3 - HKU\S-1-5-21-3521758362-741567923-3467923523-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3521758362-741567923-3467923523-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3521758362-741567923-3467923523-1000..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKU\S-1-5-21-3521758362-741567923-3467923523-1000..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-3521758362-741567923-3467923523-1000..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-3521758362-741567923-3467923523-1000..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3521758362-741567923-3467923523-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xporter vers Microsoft Excel - E:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Télécharger avec Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O9 - Extra Button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3521758362-741567923-3467923523-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3521758362-741567923-3467923523-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O24 - Desktop WallPaper: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1e38ea8e-29e5-11df-ac0a-871d1416e634}\Shell - "" = AutoRun
O33 - MountPoints2\{1e38ea8e-29e5-11df-ac0a-871d1416e634}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{49dca898-62c5-11dd-82ce-001e686cf827}\Shell - "" = AutoRun
O33 - MountPoints2\{49dca898-62c5-11dd-82ce-001e686cf827}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{49dca89e-62c5-11dd-82ce-001e686cf827}\Shell - "" = AutoRun
O33 - MountPoints2\{49dca89e-62c5-11dd-82ce-001e686cf827}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{49dca89f-62c5-11dd-82ce-001e686cf827}\Shell - "" = AutoRun
O33 - MountPoints2\{49dca89f-62c5-11dd-82ce-001e686cf827}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{49dca8a0-62c5-11dd-82ce-001e686cf827}\Shell - "" = AutoRun
O33 - MountPoints2\{49dca8a0-62c5-11dd-82ce-001e686cf827}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{4f5fb396-2776-11df-b79e-e5f154e3e534}\Shell - "" = AutoRun
O33 - MountPoints2\{4f5fb396-2776-11df-b79e-e5f154e3e534}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{82f0c55f-7090-11de-8447-001e686cf827}\Shell - "" = AutoRun
O33 - MountPoints2\{82f0c55f-7090-11de-8447-001e686cf827}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- File not found
O33 - MountPoints2\{ab3122d8-159e-11df-89c4-f2bfcd7c666b}\Shell - "" = AutoRun
O33 - MountPoints2\{ab3122d8-159e-11df-89c4-f2bfcd7c666b}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{ac2c3bf5-6478-11dd-93fa-001e686cf827}\Shell - "" = AutoRun
O33 - MountPoints2\{ac2c3bf5-6478-11dd-93fa-001e686cf827}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{ac2c3bf7-6478-11dd-93fa-001e686cf827}\Shell - "" = AutoRun
O33 - MountPoints2\{ac2c3bf7-6478-11dd-93fa-001e686cf827}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{bc52ee68-5918-11de-94ce-001e686cf827}\Shell - "" = AutoRun
O33 - MountPoints2\{bc52ee68-5918-11de-94ce-001e686cf827}\Shell\AutoRun\command - "" = G:\AutoRunCardDetector.exe -- File not found
O33 - MountPoints2\{c5f10bae-2467-11df-a46b-b83d84dfab3e}\Shell - "" = AutoRun
O33 - MountPoints2\{c5f10bae-2467-11df-a46b-b83d84dfab3e}\Shell\AutoRun\command - "" = H:\AutoRunCardDetector.exe -- File not found
O33 - MountPoints2\{ce6ceb87-bfe2-11de-bfd1-001e686cf827}\Shell - "" = AutoRun
O33 - MountPoints2\{ce6ceb87-bfe2-11de-bfd1-001e686cf827}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{d44bcc84-2778-11df-bb8c-e053de9f9c38}\Shell - "" = AutoRun
O33 - MountPoints2\{d44bcc84-2778-11df-bb8c-e053de9f9c38}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{e638a41c-29f2-11df-80aa-904df6767337}\Shell - "" = AutoRun
O33 - MountPoints2\{e638a41c-29f2-11df-80aa-904df6767337}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{e6a6c666-34f1-11df-86d8-80c21a4fec65}\Shell - "" = AutoRun
O33 - MountPoints2\{e6a6c666-34f1-11df-86d8-80c21a4fec65}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{efc46b3a-bf3b-11de-bb56-001e686cf827}\Shell - "" = AutoRun
O33 - MountPoints2\{efc46b3a-bf3b-11de-bb56-001e686cf827}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{efc46b7b-bf3b-11de-bb56-001e686cf827}\Shell - "" = AutoRun
O33 - MountPoints2\{efc46b7b-bf3b-11de-bb56-001e686cf827}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{f3e9b5e3-a4ad-11dd-9722-001e686cf827}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 04:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/07 18:19:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/07 18:18:39 | 000,000,000 | ---D | C] -- C:\Users\Bernard\Desktop\erunt-loc_fr
[2010/04/07 18:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/07 18:16:34 | 000,000,000 | ---D | C] -- C:\Users\Bernard\AppData\Roaming\Malwarebytes
[2010/04/07 18:16:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/07 18:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/07 18:16:23 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/07 18:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/07 18:11:42 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Bernard\Desktop\erunt-setup.exe
[2010/04/07 18:11:11 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bernard\Desktop\mbam-setup-1.45.exe
[2010/04/07 18:10:54 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Bernard\Desktop\OTL.exe
[2010/04/07 16:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/07 16:10:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/03/19 10:28:40 | 000,000,000 | ---D | C] -- C:\Users\Bernard\Desktop\SmitfraudFix
[2010/03/10 20:22:21 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/03/10 13:55:33 | 000,217,088 | ---- | C] (Acresso Software Inc.) -- C:\Users\Bernard\AppData\Local\rdr_1268221900.exe
[2010/03/10 06:05:58 | 000,217,088 | ---- | C] (Acresso Software Inc.) -- C:\Users\Bernard\AppData\Local\rdr_1268193955.exe
[2010/03/09 19:00:48 | 000,209,408 | ---- | C] (Guillemot Corporation) -- C:\Users\Bernard\AppData\Local\rdr_1268154047.exe
[2010/03/09 07:41:19 | 000,209,408 | ---- | C] (Guillemot Corporation) -- C:\Users\Bernard\AppData\Local\rdr_1268113277.exe
[2010/03/09 00:03:39 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\System32\Process.exe
[2010/03/09 00:00:09 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.exe
[2010/03/09 00:00:09 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.C.exe
[2010/03/09 00:00:09 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\404Fix.exe
[2010/03/09 00:00:09 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\o4Patch.exe
[2010/03/09 00:00:09 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\Agent.OMZ.Fix.exe
[2010/03/08 23:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/08 23:35:21 | 000,209,408 | ---- | C] (Guillemot Corporation) -- C:\Users\Bernard\AppData\Local\rdr_1268084116.exe
[2010/03/08 19:42:56 | 000,209,408 | ---- | C] (Guillemot Corporation) -- C:\Users\Bernard\AppData\Local\rdr_1268070167.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/07 18:41:40 | 003,145,728 | -HS- | M] () -- C:\Users\Bernard\ntuser.dat
[2010/04/07 18:38:28 | 000,040,947 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/04/07 18:18:33 | 000,000,878 | ---- | M] () -- C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/04/07 18:18:30 | 000,000,698 | ---- | M] () -- C:\Users\Bernard\Desktop\NTREGOPT.lnk
[2010/04/07 18:18:30 | 000,000,679 | ---- | M] () -- C:\Users\Bernard\Desktop\ERUNT.lnk
[2010/04/07 18:17:55 | 000,005,024 | ---- | M] () -- C:\Users\Bernard\Desktop\erunt-loc_fr.zip
[2010/04/07 18:16:28 | 000,000,783 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/07 18:14:56 | 000,000,371 | ---- | M] () -- C:\Users\Bernard\Desktop\scan.zip
[2010/04/07 18:14:25 | 000,671,242 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/04/07 18:14:24 | 001,470,810 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/07 18:14:24 | 000,587,852 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/07 18:14:24 | 000,124,272 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/04/07 18:14:24 | 000,101,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/07 18:11:46 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Bernard\Desktop\erunt-setup.exe
[2010/04/07 18:11:16 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bernard\Desktop\mbam-setup-1.45.exe
[2010/04/07 18:11:12 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Bernard\Desktop\OTL.exe
[2010/04/07 18:10:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/07 18:10:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/07 17:48:17 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2850BC40-7451-4E93-B62D-483D28E2907D}.job
[2010/04/07 17:33:14 | 000,291,932 | ---- | M] () -- C:\Users\Bernard\Documents\cc_20100407_173250.reg
[2010/04/07 16:59:30 | 000,001,635 | ---- | M] () -- C:\Users\Bernard\Desktop\CCleaner.lnk
[2010/04/07 16:55:49 | 000,000,698 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/07 16:12:45 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/04/07 16:10:18 | 000,000,100 | --S- | M] () -- C:\Windows\System32\424837965.dat
[2010/04/07 16:10:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/07 16:10:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/07 16:09:57 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/07 14:35:39 | 000,524,288 | -HS- | M] () -- C:\Users\Bernard\ntuser.dat{2cac1ce0-331e-11df-ad4d-a399a6cb5dbf}.TMContainer00000000000000000001.regtrans-ms
[2010/04/07 14:35:39 | 000,065,536 | -HS- | M] () -- C:\Users\Bernard\ntuser.dat{2cac1ce0-331e-11df-ad4d-a399a6cb5dbf}.TM.blf
[2010/04/07 14:23:06 | 002,169,140 | -H-- | M] () -- C:\Users\Bernard\AppData\Local\IconCache.db
[2010/04/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/03/31 19:39:59 | 000,002,247 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/19 10:54:35 | 000,001,689 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/19 10:38:26 | 000,000,691 | ---- | M] () -- C:\Users\Bernard\AppData\Roaming\GetValue.vbs
[2010/03/19 10:38:26 | 000,000,035 | ---- | M] () -- C:\Users\Bernard\AppData\Roaming\SetValue.bat
[2010/03/19 10:38:24 | 000,002,170 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2010/03/19 10:27:20 | 001,885,088 | ---- | M] () -- C:\Users\Bernard\Desktop\smitfraudfix_smitfraudfix_2.423_francais_253624.exe
[2010/03/19 10:03:27 | 000,524,288 | -HS- | M] () -- C:\Users\Bernard\ntuser.dat{2cac1ce0-331e-11df-ad4d-a399a6cb5dbf}.TMContainer00000000000000000002.regtrans-ms
[2010/03/19 09:38:33 | 000,524,288 | -HS- | M] () -- C:\Users\Bernard\ntuser.dat{fd905a9b-0ce5-11df-93d0-88c1d58ece36}.TMContainer00000000000000000001.regtrans-ms
[2010/03/19 09:38:33 | 000,065,536 | -HS- | M] () -- C:\Users\Bernard\ntuser.dat{fd905a9b-0ce5-11df-93d0-88c1d58ece36}.TM.blf
[2010/03/14 09:07:36 | 000,031,232 | ---- | M] () -- C:\Users\Bernard\Desktop\Lettre_papa.doc
[2010/03/10 14:01:19 | 000,015,360 | ---- | M] () -- C:\Users\Bernard\AppData\Local\rdr_1268222457.exe
[2010/03/10 13:55:33 | 000,217,088 | ---- | M] (Acresso Software Inc.) -- C:\Users\Bernard\AppData\Local\rdr_1268221900.exe
[2010/03/10 13:51:40 | 000,000,001 | ---- | M] () -- C:\Windows\ligh
[2010/03/10 06:12:19 | 000,015,360 | ---- | M] () -- C:\Users\Bernard\AppData\Local\rdr_1268194326.exe
[2010/03/10 06:05:58 | 000,217,088 | ---- | M] (Acresso Software Inc.) -- C:\Users\Bernard\AppData\Local\rdr_1268193955.exe
[2010/03/09 19:00:48 | 000,209,408 | ---- | M] (Guillemot Corporation) -- C:\Users\Bernard\AppData\Local\rdr_1268154047.exe
[2010/03/09 07:46:57 | 000,015,360 | ---- | M] () -- C:\Users\Bernard\AppData\Local\rdr_1268113604.exe
[2010/03/09 07:41:19 | 000,209,408 | ---- | M] (Guillemot Corporation) -- C:\Users\Bernard\AppData\Local\rdr_1268113277.exe
[2010/03/08 23:55:50 | 000,001,839 | ---- | M] () -- C:\Users\Bernard\Desktop\HijackThis.lnk
[2010/03/08 23:35:21 | 000,209,408 | ---- | M] (Guillemot Corporation) -- C:\Users\Bernard\AppData\Local\rdr_1268084116.exe
[2010/03/08 19:49:21 | 000,000,002 | ---- | M] () -- C:\Users\Bernard\AppData\Local\010112010146111103.xxe
[2010/03/08 19:49:21 | 000,000,001 | ---- | M] () -- C:\Windows\fdgg34353edfgdfdf
[2010/03/08 19:48:34 | 000,015,360 | ---- | M] () -- C:\Users\Bernard\AppData\Local\rdr_1268070500.exe
[2010/03/08 19:42:56 | 000,209,408 | ---- | M] (Guillemot Corporation) -- C:\Users\Bernard\AppData\Local\rdr_1268070167.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/07 18:18:33 | 000,000,878 | ---- | C] () -- C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/04/07 18:18:30 | 000,000,698 | ---- | C] () -- C:\Users\Bernard\Desktop\NTREGOPT.lnk
[2010/04/07 18:18:30 | 000,000,679 | ---- | C] () -- C:\Users\Bernard\Desktop\ERUNT.lnk
[2010/04/07 18:17:26 | 000,005,024 | ---- | C] () -- C:\Users\Bernard\Desktop\erunt-loc_fr.zip
[2010/04/07 18:16:28 | 000,000,783 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/07 18:14:53 | 000,000,371 | ---- | C] () -- C:\Users\Bernard\Desktop\scan.zip
[2010/04/07 17:33:01 | 000,291,932 | ---- | C] () -- C:\Users\Bernard\Documents\cc_20100407_173250.reg
[2010/04/07 16:59:30 | 000,001,635 | ---- | C] () -- C:\Users\Bernard\Desktop\CCleaner.lnk
[2010/03/21 15:59:45 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/19 10:54:35 | 000,001,689 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/19 10:27:18 | 001,885,088 | ---- | C] () -- C:\Users\Bernard\Desktop\smitfraudfix_smitfraudfix_2.423_francais_253624.exe
[2010/03/19 09:43:18 | 000,524,288 | -HS- | C] () -- C:\Users\Bernard\ntuser.dat{2cac1ce0-331e-11df-ad4d-a399a6cb5dbf}.TMContainer00000000000000000002.regtrans-ms
[2010/03/19 09:43:18 | 000,524,288 | -HS- | C] () -- C:\Users\Bernard\ntuser.dat{2cac1ce0-331e-11df-ad4d-a399a6cb5dbf}.TMContainer00000000000000000001.regtrans-ms
[2010/03/19 09:43:18 | 000,065,536 | -HS- | C] () -- C:\Users\Bernard\ntuser.dat{2cac1ce0-331e-11df-ad4d-a399a6cb5dbf}.TM.blf
[2010/03/14 09:07:36 | 000,031,232 | ---- | C] () -- C:\Users\Bernard\Desktop\Lettre_papa.doc
[2010/03/12 20:04:26 | 000,000,100 | --S- | C] () -- C:\Windows\System32\424837965.dat
[2010/03/10 14:01:19 | 000,015,360 | ---- | C] () -- C:\Users\Bernard\AppData\Local\rdr_1268222457.exe
[2010/03/10 06:12:19 | 000,015,360 | ---- | C] () -- C:\Users\Bernard\AppData\Local\rdr_1268194326.exe
[2010/03/09 07:46:57 | 000,015,360 | ---- | C] () -- C:\Users\Bernard\AppData\Local\rdr_1268113604.exe
[2010/03/09 00:04:27 | 000,000,691 | ---- | C] () -- C:\Users\Bernard\AppData\Roaming\GetValue.vbs
[2010/03/09 00:04:27 | 000,000,035 | ---- | C] () -- C:\Users\Bernard\AppData\Roaming\SetValue.bat
[2010/03/08 23:55:50 | 000,001,839 | ---- | C] () -- C:\Users\Bernard\Desktop\HijackThis.lnk
[2010/03/08 19:49:21 | 000,000,002 | ---- | C] () -- C:\Users\Bernard\AppData\Local\010112010146111103.xxe
[2010/03/08 19:49:21 | 000,000,001 | ---- | C] () -- C:\Windows\fdgg34353edfgdfdf
[2010/03/08 19:48:34 | 000,015,360 | ---- | C] () -- C:\Users\Bernard\AppData\Local\rdr_1268070500.exe
[2010/01/29 16:53:25 | 000,524,288 | -HS- | C] () -- C:\Users\Bernard\ntuser.dat{fd905a9b-0ce5-11df-93d0-88c1d58ece36}.TMContainer00000000000000000002.regtrans-ms
[2010/01/29 16:53:25 | 000,524,288 | -HS- | C] () -- C:\Users\Bernard\ntuser.dat{fd905a9b-0ce5-11df-93d0-88c1d58ece36}.TMContainer00000000000000000001.regtrans-ms
[2010/01/29 16:53:25 | 000,065,536 | -HS- | C] () -- C:\Users\Bernard\ntuser.dat{fd905a9b-0ce5-11df-93d0-88c1d58ece36}.TM.blf
[2010/01/11 19:08:41 | 000,323,861 | ---- | C] () -- C:\Users\Bernard\AppData\Local\gpiic_nav.dat
[2010/01/11 19:08:41 | 000,004,216 | ---- | C] () -- C:\Users\Bernard\AppData\Local\gpiic.dat
[2010/01/11 19:08:41 | 000,002,737 | ---- | C] () -- C:\Users\Bernard\AppData\Local\gpiic_navps.dat
[2009/10/29 18:53:26 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/10/29 18:53:26 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/10/29 18:53:26 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/04/24 04:12:23 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/19 11:04:09 | 000,000,090 | ---- | C] () -- C:\Users\Bernard\AppData\Local\uaace.bat
[2008/12/04 16:31:47 | 000,026,340 | ---- | C] () -- C:\Users\Bernard\AppData\Roaming\UserTile.png
[2008/10/16 19:41:34 | 000,000,680 | ---- | C] () -- C:\Users\Bernard\AppData\Local\d3d9caps.dat
[2008/09/17 15:37:53 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/17 16:47:25 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/07/31 13:32:37 | 000,005,952 | ---- | C] () -- C:\Users\Bernard\radios.xml
[2008/07/27 08:16:01 | 000,029,184 | ---- | C] () -- C:\Users\Bernard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/12 12:55:15 | 000,000,000 | ---- | C] () -- C:\Users\Bernard\AppData\Roaming\wklnhst.dat
[2008/07/10 20:34:01 | 003,145,728 | -HS- | C] () -- C:\Users\Bernard\ntuser.dat
[2008/07/10 20:34:01 | 000,524,288 | -HS- | C] () -- C:\Users\Bernard\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008/07/10 20:34:01 | 000,524,288 | -HS- | C] () -- C:\Users\Bernard\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2008/07/10 20:34:01 | 000,262,144 | -H-- | C] () -- C:\Users\Bernard\ntuser.dat.LOG1
[2008/07/10 20:34:01 | 000,065,536 | -HS- | C] () -- C:\Users\Bernard\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2008/07/10 20:34:01 | 000,000,020 | -HS- | C] () -- C:\Users\Bernard\ntuser.ini
[2008/07/10 20:34:01 | 000,000,000 | -H-- | C] () -- C:\Users\Bernard\ntuser.dat.LOG2
[2008/06/11 02:07:20 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/06/11 02:03:26 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/06/11 02:03:26 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/05/23 00:18:54 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/02/26 18:14:53 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/18 17:09:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/18 17:09:14 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/18 17:09:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/18 17:09:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/18 17:09:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/18 17:09:14 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/18 16:50:05 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/02/18 16:50:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/02/18 16:50:05 | 000,009,496 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/02/18 16:50:05 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/02/18 16:43:21 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/02/18 16:36:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/02/18 15:58:23 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/02/18 15:58:11 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008/01/28 18:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/01/28 18:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/01/28 17:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/01/28 17:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/01/28 17:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/01/28 17:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2008/01/21 04:23:02 | 000,067,072 | ---- | C] () -- C:\Windows\System32\drivers\cdrom.sys
[2007/12/21 17:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007/11/15 03:24:14 | 000,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/22 22:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
Hebus
 
Messages: 5
Inscription: 07 Avr 2010, 17:03

Messagede Hebus » 07 Avr 2010, 18:15

========== LOP Check ==========

[2009/07/01 18:05:54 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Bandoo
[2008/12/02 20:27:50 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\CamfrogWEB
[2008/08/17 16:36:02 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Canneverbe_Limited
[2009/01/31 19:23:31 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Canon
[2009/07/14 18:11:11 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\DAEMON Tools
[2009/07/14 18:11:11 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\DAEMON Tools Lite
[2010/04/07 18:39:00 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Free Download Manager
[2008/11/24 09:28:18 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\IndexEducation
[2009/07/21 10:24:31 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Nokia
[2009/07/21 10:24:57 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\PC Suite
[2008/12/04 16:31:47 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\PeerNetworking
[2009/11/01 13:32:27 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\PlayFirst
[2009/11/01 19:56:43 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Playrix Entertainment
[2008/07/11 07:52:51 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\SpeedSim
[2010/03/19 19:42:00 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Sports Interactive
[2008/10/28 22:11:04 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\TomTom
[2008/07/22 18:23:09 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Toshiba
[2009/11/15 01:59:59 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/04/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/04/02 08:37:02 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/04/07 17:48:17 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2850BC40-7451-4E93-B62D-483D28E2907D}.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

<MD5>
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

<MD5>
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

<MD5>
[2007/09/30 00:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007/09/30 00:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Toshiba\Drivers\Robson\Winall\Driver64\IaStor.sys
[2007/09/30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2007/09/30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Toshiba\Drivers\Robson\Winall\Driver\IaStor.sys
[2007/09/30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007/09/30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys

<MD5>
[2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

<MD5>
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

<MD5>
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

<MD5>
[2008/01/21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

<systemroot>

<systemroot>
[2008/01/21 04:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008/01/21 04:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008/01/21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

<systemroot>

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:DFC5A2B2
<End>
Hebus
 
Messages: 5
Inscription: 07 Avr 2010, 17:03

Messagede Hebus » 07 Avr 2010, 18:16

OTL Extras logfile created on: 07/04/2010 18:35:13 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\Bernard\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,66 Gb Total Space | 89,35 Gb Free Space | 59,31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 145,97 Gb Total Space | 140,87 Gb Free Space | 96,51% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-BERNARD
Current User Name: Bernard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3521758362-741567923-3467923523-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{83CF77B2-F3A6-4C7A-A3AD-9752A1DAB404}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D9E132B1-2C72-409A-B128-2EACE7632226}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BD31C53-EFBA-4DE8-B1B5-A5CDB50CD1DF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe |
"{252BE514-D3AA-4220-A7F9-FFAB1B9D688B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{290676FC-BBEE-4D89-B50D-9B7B75339BAF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe |
"{2B3E880B-07AD-44F7-802D-3631CC12C50C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{34C0A245-AF8B-42E9-B8AC-E9DD6B01F9FF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{3800F845-CA29-4302-BA21-F21907ACB40D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4A0F0ADE-E88F-4F92-80E6-7D13FD13CBDC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{55F50398-6E20-47DB-A6AA-DF2E94B51D5D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe |
"{5AFEA4C3-E043-4501-85E3-83076F2D2B51}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6062A136-093B-4946-BB91-BC0D98695D22}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{64520954-F0D8-44DF-AE06-313E7EFF1A13}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6FB28FD7-4C9D-4194-9207-67E77B35A62B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{749D0E7F-1FB9-47C2-9CBF-6FC155B13BE7}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{8716BAF4-EB48-4B5D-BAEA-28FEDA3F88CA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{89D11A6E-54BB-4419-A2E0-5FD330FBB9FC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B4E7BEA0-D966-4449-A926-26049FDD9209}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C605A284-D969-4C4C-BAEA-80850ABBE49B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CB82ABAA-C616-4C2E-99F1-FF16F85C7D91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E78D5A43-EB93-4871-A06B-ECC9B1C4377F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe |
"{EA1D4794-0DB9-4715-9C1C-D6D23A800B41}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FB2E989D-415A-490F-9BB8-E9B5E4F9B642}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FC05447A-D300-407B-AE26-40533E552F10}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024558D8-272F-C7C8-4F6D-6FE689B5DC52}" = Catalyst Control Center Localization Japanese
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A5A851C-B8B4-CD8E-920B-EE21B9E4FE31}" = Catalyst Control Center Graphics Full Existing
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{2D7D6A0E-A6A7-1080-980C-67FB8E20D93D}" = ccc-utility
"{2F2C3691-E3CB-6066-514D-729BB881216D}" = CCC Help Dutch
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{372B31CF-77FB-4E29-860C-A0EA2985AB7F}" = O2Micro Flash Memory Card Reader Driver (x86)
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E1E4AB9-C017-746E-92E6-B30A0429E986}" = CCC Help Korean
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"{4A130340-74D9-27C0-0F3D-3F9A69CF938C}" = CCC Help French
"{4A944E94-F6E9-9D38-5C5B-B1E5597EB742}" = CCC Help Spanish
"{4F1DCA42-2030-437C-A94E-736692A499C1}" = Nokia Connectivity Cable Driver
"{502DBACB-D72F-276E-9B51-1CC980633BDC}" = CCC Help German
"{50831C51-70E7-CF72-3B5E-53413B1598E9}" = Catalyst Control Center Localization Dutch
"{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"{56A29640-7334-2E21-8169-5F23EEEE4958}" = CCC Help Chinese Standard
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5B1DD5AA-FF34-4D6E-A912-CB46BB7378DC}" = Manuels TOSHIBA
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{60D7B2C5-5824-753E-D091-382D312C5590}" = Catalyst Control Center Localization French
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6275D380-371D-6D6E-32AF-97009138EBE3}" = Skins
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67905A54-F074-6F13-3C61-DA40552079BB}" = Catalyst Control Center Graphics Light
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E4F5172-7A60-E18C-D1F2-C8D783197A7C}" = Catalyst Control Center Localization German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FADEAAE-1AAD-2635-809E-C92477AF1794}" = Catalyst Control Center Localization Italian
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{88771941-E487-0F1C-7242-554D82BC8740}" = CCC Help Japanese
"{89DCBAD2-592B-A42C-18D7-78601056FBD9}" = Catalyst Control Center Localization Chinese Standard
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D90017E-FFE1-3077-9113-F4002ED7EB13}" = Catalyst Control Center Localization Swedish
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9011040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C05FA75-0337-4523-AA57-9D3511018887}" = Nokia PC Suite
"{9DDABBD9-B4D1-F927-8970-03E7CF4605F1}" = Catalyst Control Center Localization Korean
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Réducteur de bruit du lecteur de CD/DVD
"{A07EC392-26B6-E1AE-AFE8-A73F7BFC1C4C}" = CCC Help Chinese Traditional
"{A12F36B5-E11F-0128-7D8F-DEC927105BE2}" = CCC Help Swedish
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B158BAE0-C912-3697-256D-A9FCEDFAA536}" = Catalyst Control Center Localization Portuguese
"{B5897EDD-E78B-067B-DB8F-D85E60B71967}" = Catalyst Control Center Localization Spanish
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C42601B6-CBA8-7879-D310-7B2E97215D82}" = CCC Help Italian
"{C6DCC59B-48D8-5092-2F69-8C423BFAB27F}" = Catalyst Control Center Graphics Previews Vista
"{C7128EEC-088D-051A-E8F9-DD4E6F2C3F3E}" = CCC Help Portuguese
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C970757C-FD82-ED94-66C4-AF7C0266699E}" = ATI Catalyst Install Manager
"{CB22A47C-EFEA-2400-DB68-8F9B1D24BF43}" = Catalyst Control Center Graphics Full New
"{CBDF64B0-8CAB-45C7-B3B2-4637C9F88769}" = HDMI Control Manager
"{CC5D63D4-BE70-432F-A9C8-2106B7AA72F0}" = INDEX EDUCATION - Client PRONOTE 2008
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE8B9F6B-7D9E-3C56-7B27-1E484CD41D78}" = ccc-core-static
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D00EAB9D-C698-D4F6-214F-6FFC496B7F71}" = Catalyst Control Center Core Implementation
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D305D4F8-0820-5DFA-F175-E7D06ED60364}" = CCC Help English
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}" = Catalyst Control Center - Branding
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Codeur Windows Media Série 9
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEBF75B0-9D67-6178-8737-92A81B3FEA47}" = Catalyst Control Center Localization Chinese Traditional
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Package de pilotes Windows - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner
"CFWebAdvancedU" = CamfrogWEB Advanced ActiveX Plugin (remove only)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Package de pilotes Windows - Nokia Modem (03/13/2008 6.86.0.1)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Enregistrement utilisateur de Canon MP210 series" = Enregistrement utilisateur de Canon MP210 series
"ERUNT_is1" = ERUNT 1.1j
"Free Download Manager" = Free Download Manager 3.0
"Google Desktop" = Google Desktop
"Google Updater" = Outil de mise à jour Google
"gpiic" = Favorit
"HijackThis" = HijackThis 2.0.2
"InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Kit Internet Mobile Bouygues Telecom" = Kit Internet Mobile Bouygues Telecom
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSC" = McAfee SecurityCenter
"Nokia PC Suite" = Nokia PC Suite
"Spyware Doctor" = Spyware Doctor 6.0
"Steam App 10540" = Football Manager 2009
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.6.2.1586
"Windows Media Encoder 9" = Codeur Windows Media Série 9
"WinLiveSuite_Wave3" = Installation Windows Live

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3521758362-741567923-3467923523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Notification de cadeaux MSN" = Notification de cadeaux MSN

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

<End>
Hebus
 
Messages: 5
Inscription: 07 Avr 2010, 17:03

Messagede nickW » 12 Avr 2010, 21:03

Bonsoir,

Premiers nettoyages:


Étape 1: rkill (de Grinler), téléchargement
Remarque importante:
rkill est parfois, à tort, détecté comme nuisible. Si nécessaire, désactiver l'antivirus lors de son téléchargement.

Télécharger rkill via un clic droit suivi de Enregistrer la cible du lien sous ... depuis l'un des liens ci-dessous:

Lien 1
Lien 2
Lien 3
Lien 4

Enregistrer le fichier sur le Bureau.


Étape 2: Navilog1 (de IL-MAFIOSO)
Télécharger Navilog1 par un clic droit sur le lien ci-dessous:
http://pagesperso-orange.fr/il.mafioso/ ... vilog1.exe
Enregistrer le fichier sur le Bureau.

Fermer toutes les applications actives (comme traitement de texte, navigateur).
Faire un clic droit sur le fichier Navilog1.exe situé sur le Bureau et choisir "Exécuter en tant qu'Administrateur".

Suivre les indications affichées.
Sur le menu principal, choisir l'option 1 et valider.
(ne pas choisir l'option 2 sans mon avis/accord)

L'outil peut annoncer qu'il va effectuer un redémarrage du PC: Appuyer sur une touche comme demandé.
Si le PC ne redémarre pas automatiquement, lancer manuellement le redémarrage, en choisissant la session habituelle.

Attendre jusqu'au message :
*** Scan Termine le ..... ***
Appuyer sur une touche comme demandé, le Bloc-notes va s'ouvrir.
Note: Dans le Bloc-notes, vérifier dans le menu Format (en haut) que l'option "Retour automatique à la ligne" n'est pas cochée.
Enregistrer ce fichier sous le nom navi1-100412.txt
Fermer le Bloc-notes.


Étape 3: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus et celui de l'antispyware.
Image McAfee Antivirus: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), choisir "Exit" et confirmer
Image Spyware Doctor: Lancer Spyware Doctor, cliquer sur le bouton "IntelliGuard" sur la gauche, cliquer sur "Cliquez pour désactiver l'IntelliGuard" puis choisir 30 minutes


Étape 4: rkill (de Grinler), exécution
Faire un clic droit sur le fichier rkill téléchargé puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

Une fenêtre à fond noir va apparaître brièvement, puis disparaître.
En fin d'exécution, enregistrer le fichier rkill.log

Si rien ne se passe, ou si l'outil ne se lance pas, télécharger l'outil depuis un autre des quatre liens ci-dessus et faire une nouvelle tentative d'exécution.

Si aucun des outils téléchargés depuis les quatre liens ci-dessus ne semble fonctionner, ne pas continuer le nettoyage, et me prévenir sur le forum.

Ne pas faire redémarrer le PC.


Étape 5: Malwarebytes' Anti-Malware, nettoyage
Fermer toutes les fenêtres de programme ouvertes.
Lancer Malwarebytes' Anti-Malware via le Menu Démarrer.
Dans l'onglet Paramètres, vérifier que toutes les cases sont cochées sauf "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)".
Dans l'onglet Mise à jour, cliquer sur le bouton Recherche de mise à jour et installer toutes les mises à jour trouvées.
Dans l'onglet Recherche, cocher le bouton radio situé devant "Exécuter un examen rapide" puis cliquer sur le bouton Rechercher, comme ceci:

Image

Attendre sans rien faire d'autre la fin de la recherche; dans la fenêtre annonçant la fin de l'analyse, cliquer sur OK; puis cliquer sur le bouton "Afficher les résultats":
Image


Si des éléments nuisibles ont été détectés, cliquer sur le bouton "Supprimer la sélection": Image

Attendre patiemment sans rien faire d'autre la fin du nettoyage.
Un redémarrage est parfois nécessaire. Accepter.
Une fenêtre du Bloc-notes s'ouvre pour afficher le rapport. Fermer le Bloc-notes.
Cliquer sur le bouton "Quitter" pour fermer Malwarebytes' Anti-Malware.


Étape 6: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus et celui de l'antispyware.


Étape 7: OTL (de OldTimer), analyse
Fermer toutes les fenêtres de programme ouvertes.

Faire un clic droit sur OTL.exe puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cocher (en haut) la case située devant Tous les utilisateurs:
Image

Puis cliquer sur le bouton Analyse:
Image

Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Fermer la fenêtre de OTL.


Étape 8: Résultats
Envoyer en réponse:
*- le rapport de Navilog1, Option 1 (contenu du fichier navi1-100412.txt)
*- le rapport de rkill (contenu du fichier rkill.log situé dans le dossier SystemDrive\)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]
*- le rapport de Malwarebytes' Anti-Malware (contenu du fichier mbam-log-****-**-** (**-**-**).txt situé dans le dossier SystemDrive\Users\<tonprofil>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs où ****-**-** (**-**-**) représente la date [année-mois-jour] et l'heure [hh-mn-ss])
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du fichier):
*- le rapport principal de OTL (contenu du fichier OTL.Txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France


Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 26 invités

cron