win.trojan-gen (other)

Question

Bonjour,
avast ! a trouvé win.trojan-gen (other) qui a attaqué C:\windows\system33.exe ou system34.exe !
Comment me débarasser de ce virus qui attaque les fichiers system ?
merci

gen-hackman · Answer

salut :

Télécharge OTL de OLDTimer

et enregistre le sur ton Bureau.

Double clic sur OTL.exe pour le lancer.

Coche les 2 cases Lop et Purity

Coche la case devant scan all users

Clic sur Run Scan.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)


Pour me le transmettre clique sur ce lien

Clique sur Parcourir et cherche le fichier ci-dessus.

Clique sur Ouvrir.

Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt

est ajouté dans la page.

Copie ce lien dans ta réponse.

gen-hackman · Answer

avec avast ? va m etonnerait 

fais le diagnostic que je te demande histoire d'etre fixé

TITIB · Answer

http://www.cijoint.fr/cjlink.php?file=cj200906/cijubHskMa.txt 
Merci
TITIB

gen-hackman · Answer

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection): 

- Vas dans "Démarrer" puis Panneau de configuration. 
- Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs. 
- Clique sur Continuer. 
- Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur. 
- Valide par OK et redémarre. 

Tuto 

ensuite :


&#9830 Désactivez le contrôle des comptes utilisateurs avant utilisation de cet outil: 

&#9830 Allez dans "Démarrer" puis Panneau de configuration. 
&#9830 Double Cliquez sur l'icône Comptes d'utilisateurs et sur "Activer ou désactiver le contrôle des comptes d'utilisateurs".  
&#9830 Décochez la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur. 
&#9830 Validez par OK et redémarrez .

Aides en images ( Uac ) 

ensuite

&#9830 Télécharge Ad-remover ( de C_XX ) sur ton bureau : 


&#9830 Déconnecte toi et ferme toutes applications en cours ! 

&#9830 clic droit sur "Ad-R.exe" en tant qu'administrateur pour lancer l'installation et laisse les paramètres d'installation par défaut . 

&#9830 clic droit sur le raccourci Ad-remover en tant qu'administrateur qui est sur ton bureau pour lancer l'outil .
 
&#9830 Au menu principal choisis l'option "L" et tape sur [entrée] .

&#9830 Laisse travailler l'outil et ne touche à rien ... 

&#9830 Poste le rapport qui apparait à la fin , sur le forum ...

( Le rapport est sauvegardé aussi sous C:\Ad-report.log ) 
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller ) 

&#9830 Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus. 

Aides en images (Installation)
Aides en images (Recherche)

TITIB · Answer

Avant de recommencer d'autres manips, peux tu me dire ce que t'a appris le contenu du fichier OLT.txt que je t'ai transmis ?
Ad-remover est un outil anti-spyware qui est sûrement utile pour faire du ménage. Ceci dit, je fais régulièrement du ménage avec Spybot.
TITIB

gen-hackman · Answer

spybot est un peu dépassé

le rapport m'a appris que tu avais une barre d'outils internet ultra infectrice du nom de "Ask"
et d'habitude il n'y a qu'un service et là elle en a crée 2 :

====== Processes (SafeList) =====

C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe


======= Win32 Services (SafeList) ======

() -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe -- (ASKService [Auto | Running])
() -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade [Auto | Running])

====== FireFox =====

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Ask"

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)


on utilise AD-Remover pour la faire sauter ainsi que ses clés de registre et dossiers correspondants


ensuite il y aura d autre suppressions à faire

Utilisateur anonyme · Answer

Salut Gen,

Ad-R ne fonctionne pas sous OS 64 BIT.


++

gen-hackman · Answer

Ah zut !

Toolbar SD non plus ?

TITIB · Answer

Merci Gen et C_XX,
Effectivement je suis sous Vista 64bit....
Merci de m'indiquer un bon soft....

gen-hackman · Answer

Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
  - Coche    Afficher les fichiers et dossiers cachés
  - Décoche Masquer les extensions des fichiers dont le type est connu
  - Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)
clique sur Appliquer, puis OK.

N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important

Fais analyser le(s) fichier(s) suivants sur Virustotal :

Virus Total

    * Clique sur Parcourir en haut, choisis Poste de travail et cherche ces fichiers :

 C:\Windows\sysnative\DRIVERS\61883.sys
C:\Windows\UA000074.DLL 

    * Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
    * Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
    * Une nouvelle fenêtre de ton navigateur va apparaître
    * Clique alors sur les deux fleches
    * Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
    * Enfin colle le résultat dans ta prochaine réponse.

ensuite :

Double clic sur OTL.exe pour le lancer.


Copie la liste qui se trouve en gras ci-dessous,

et colle-la dans la zone sous Customs Scans/Fixes

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
TeaTimer.exe
AskService.exe
ASKUpgrade.exe

:services
ASKService
ASKUpgrade
Partner Service

:OTL
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-887371982-3018223467-355190421-1000\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
@Alternate Data Stream - 24 bytes -> C:\Windows:076FFFBAB3EB19CB
@Alternate Data Stream - 1282 bytes -> C:\Users\Thierry\Documents\Re_ service de déclaration des revenus en ligne inaccessible  (KMM1109507I6186L0KM).eml:OECustomProperty

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"QuickTime Task"=-
"TrueImageMonitor.exe"=-

:files
C:\ProgramData\Partner\partner.exe
C:\Program Files (x86)\AskBarDis
C:\ProgramData\.zreglib

:commands
[emptytemp]
[start explorer]
[reboot]

Clique sur RunFix pour lancer la suppression.


Poste le rapport.

==========

TITIB · Answer

Bonjour gen, J'ai réussi à réaliser la première opération, c'est à dire le passage des 2 fichiers indiqués par VirusTotal: C:\Windows\sysnative\DRIVERS\61883.sys C:\Windows\UA000074.DLL remarque: 61883.sys n'est pas à l'endroit que tu m'indiques -> voici le résultat pour 61883.sys : Fichier 61883.sys reçu le 2009.06.19 16:01:21 (UTC)Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.18 2009.06.19 - AhnLab-V3 5.0.0.2 2009.06.19 - AntiVir 7.9.0.193 2009.06.19 - Antiy-AVL 2.0.3.1 2009.06.19 - Authentium 5.1.2.4 2009.06.19 - Avast 4.8.1335.0 2009.06.18 - AVG 8.5.0.339 2009.06.19 - BitDefender 7.2 2009.06.19 - CAT-QuickHeal 10.00 2009.06.19 - ClamAV 0.94.1 2009.06.19 - Comodo 1372 2009.06.19 - DrWeb 5.0.0.12182 2009.06.19 - eSafe 7.0.17.0 2009.06.18 - eTrust-Vet 31.6.6569 2009.06.19 - F-Prot 4.4.4.56 2009.06.19 - F-Secure 8.0.14470.0 2009.06.19 - Fortinet 3.117.0.0 2009.06.19 - GData 19 2009.06.19 - Ikarus T3.1.1.59.0 2009.06.19 - Jiangmin 11.0.706 2009.06.19 - K7AntiVirus 7.10.768 2009.06.19 - Kaspersky 7.0.0.125 2009.06.19 - McAfee 5650 2009.06.18 - McAfee+Artemis 5650 2009.06.18 - McAfee-GW-Edition 6.7.6 2009.06.19 - Microsoft 1.4803 2009.06.19 - NOD32 4172 2009.06.19 - Norman 6.01.09 2009.06.19 - nProtect 2009.1.8.0 2009.06.19 - Panda 10.0.0.16 2009.06.19 - PCTools 4.4.2.0 2009.06.19 - Prevx 3.0 2009.06.19 - Rising 21.34.44.00 2009.06.19 - Sophos 4.42.0 2009.06.19 - Sunbelt 3.2.1858.2 2009.06.18 - Symantec 1.4.4.12 2009.06.19 - TheHacker 6.3.4.3.348 2009.06.19 - TrendMicro 8.950.0.1094 2009.06.19 - VBA32 3.12.10.7 2009.06.19 - ViRobot 2009.6.19.1796 2009.06.19 - VirusBuster 4.6.5.0 2009.06.19 - Information additionnelle File size: 58496 bytes MD5...: 78e902fb660bd5003fe726b9bef300b6 SHA1..: c38f0b592bd3e61e257de859678a5cae0c1010fb SHA256: c43761c5e7544b6026375215dec8313df744a41d15f7b107c34f195730d5d077 ssdeep: 1536:NgVUQOG/Dy25yW4a65555XjaI1dqgnxzCmR/2RG:NgVUQOG/m25j4N5VjaI
XqgxzjuRG
PEiD..: - TrID..: File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xd7cc
timedatestamp.....: 0x479199de (Sat Jan 19 06:34:06 2008)
machinetype.......: 0x8664 (AMD64)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0xbf56 0xbf80 6.25 58840f9d50dc78c34b4d1e7879bf4478
.rdata 0xc300 0x8f4 0x900 5.12 07f1c8f88f921faba00b25c743254c7d
.data 0xcc00 0x298 0x300 1.67 daf947dd33eb11311a8d7df8a106df15
.pdata 0xcf00 0x558 0x580 4.39 039111ef79f0396bcb3e5497cf95befc
.guids 0xd480 0x10 0x80 1.04 61bd79003a118bcb238c982d082627d9
PAGE 0xd500 0x1f8 0x200 5.93 2fec73dd5565bc05b5488bbce5905e89
INIT 0xd700 0x870 0x880 5.21 a6ba8a88174886ef5bb63960cd975611
.rsrc 0xdf80 0x3f0 0x400 3.34 32cac7361db46dad08c356bd42acd5e4
.reloc 0xe380 0xf4 0x100 2.40 78564c82530d8d03c2b55aa44e0432ba

( 1 imports )
> ntoskrnl.exe: ExAllocatePoolWithTag, ZwCreateKey, ExReleaseFastMutex, RtlAnsiStringToUnicodeString, ExAcquireFastMutex, IoFreeWorkItem, ExpInterlockedPushEntrySList, RtlAppendUnicodeToString, RtlInitAnsiString, KeReleaseSpinLock, ExpInterlockedPopEntrySList, MmBuildMdlForNonPagedPool, IoFreeMdl, ZwQueryValueKey, ExFreePool, IoAllocateWorkItem, ZwClose, ExQueryDepthSList, IoFreeIrp, IoAllocateIrp, IoOpenDeviceRegistryKey, IoQueueWorkItem, IoAllocateMdl, KeAcquireSpinLockRaiseToDpc, ExInitializeNPagedLookasideList, KeSetEvent, KeInitializeEvent, IofCompleteRequest, KeWaitForSingleObject, IofCallDriver, IoAcquireRemoveLockEx, IoReuseIrp, KeInitializeDpc, IoReleaseRemoveLockEx, KeInitializeTimer, IoReleaseRemoveLockAndWaitEx, KeSetTimer, IoInitializeRemoveLockEx, KeCancelTimer, ExInterlockedInsertTailList, RtlCopyUnicodeString, IoReleaseCancelSpinLock, ExDeleteNPagedLookasideList, IoRegisterDeviceInterface, RtlIntegerToUnicodeString, IoDeleteDevice, RtlQueryRegistryValues, IoDetachDevice, PoSetPowerState, RtlFreeUnicodeString, PoStartNextPowerIrp, RtlAppendUnicodeStringToString, IoAttachDeviceToDeviceStack, PoCallDriver, ObfReferenceObject, IoCreateDevice, KeBugCheckEx, ProbeForRead, ExAllocatePoolWithQuotaTag, __C_specific_handler

( 0 exports )
PDFiD.: - RDS...: NSRL Reference Data Set
- -> voici le résultat pour UA000074.DLL: Fichier UA000074.DLL reçu le 2009.06.19 15:56:09 (UTC)Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.18 2009.06.19 - AhnLab-V3 5.0.0.2 2009.06.19 - AntiVir 7.9.0.193 2009.06.19 - Antiy-AVL 2.0.3.1 2009.06.19 - Authentium 5.1.2.4 2009.06.19 - Avast 4.8.1335.0 2009.06.18 - AVG 8.5.0.339 2009.06.19 - BitDefender 7.2 2009.06.19 - CAT-QuickHeal 10.00 2009.06.19 - ClamAV 0.94.1 2009.06.19 - Comodo 1372 2009.06.19 - DrWeb 5.0.0.12182 2009.06.19 - eSafe 7.0.17.0 2009.06.18 - eTrust-Vet 31.6.6569 2009.06.19 - F-Prot 4.4.4.56 2009.06.19 - F-Secure 8.0.14470.0 2009.06.19 - Fortinet 3.117.0.0 2009.06.19 - GData 19 2009.06.19 - Ikarus T3.1.1.59.0 2009.06.19 - Jiangmin 11.0.706 2009.06.19 - K7AntiVirus 7.10.768 2009.06.19 - Kaspersky 7.0.0.125 2009.06.19 - McAfee 5650 2009.06.18 - McAfee+Artemis 5650 2009.06.18 - McAfee-GW-Edition 6.7.6 2009.06.19 - Microsoft 1.4803 2009.06.19 - NOD32 4172 2009.06.19 - Norman 6.01.09 2009.06.19 - nProtect 2009.1.8.0 2009.06.19 - Panda 10.0.0.16 2009.06.19 - PCTools 4.4.2.0 2009.06.19 - Prevx 3.0 2009.06.19 - Rising 21.34.44.00 2009.06.19 - Sophos 4.42.0 2009.06.19 - Sunbelt 3.2.1858.2 2009.06.18 - Symantec 1.4.4.12 2009.06.19 - TheHacker 6.3.4.3.348 2009.06.19 - TrendMicro 8.950.0.1094 2009.06.19 - VBA32 3.12.10.7 2009.06.19 - ViRobot 2009.6.19.1796 2009.06.19 - VirusBuster 4.6.5.0 2009.06.19 - Information additionnelle File size: 7420 bytes MD5...: 97165eebf15ad5e886403ee9534ef785 SHA1..: eadbf2e789cd0445260e648926e74adf77652817 SHA256: 5c2e00a48086e6af64a45ce858b1ee88bdb51f47f139fe67eb93a700bb48ae33 ssdeep: 192:QsRjIxVSTAXxtR2s/SqZc146zPwZb4y3ZHJHp:QsR2VBBnNZcWBZb46P
PEiD..: - TrID..: File type identification
Unknown! PEInfo: - PDFiD.: - RDS...: NSRL Reference Data Set
- Je n'arrive pas è réaliser la seconde opération avec OTL 2.1.1.0 que j'ai téléchargé avant hier, car la zone sous Customs Scans/Fixes n'est pas accessible ! Dans l'attente de ton analyse et de tes explications, Merci beaucoup

gen-hackman · Answer

---> Désactive ton antivirus le temps de la manipulation car OTM est détecté comme une infection à tort. 

---> Télécharge OTM (OldTimer) sur ton Bureau : 

---> Double-clique sur OTM.exe afin de le lancer. 

---> Copie (Ctrl+C) le texte suivant ci-dessous : 




:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
TeaTimer.exe
AskService.exe
ASKUpgrade.exe

:services
ASKService
ASKUpgrade
Partner Service

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"QuickTime Task"=-
"TrueImageMonitor.exe"=-

:files
C:\ProgramData\Partner\partner.exe
C:\Program Files (x86)\AskBarDis
C:\ProgramData\.zreglib

:commands
[emptytemp]
[start explorer]
[reboot]




---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved. 

---> Clique maintenant sur le bouton MoveIt! puis ferme OTM 

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. 
Accepte en cliquant sur YES. 

---> Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\ 
Le nom du rapport correspond au moment de sa création : date_heure.log

TITIB · Answer

========== PROCESSES ==========
Unable to kill process: explorer.exe
Unable to kill process: iexplore.exe
Unable to kill process: firefox.exe
Unable to kill process: msnmsgr.exe
Process TeaTimer.exe killed successfully.
Unable to kill process: AskService.exe
Unable to kill process: ASKUpgrade.exe
========== SERVICES/DRIVERS ==========
Service\Driver ASKService not found.
Unable to delete service\driver keyASKService.
Service\Driver ASKUpgrade not found.
Unable to delete service\driver keyASKUpgrade.
Service\Driver Partner Service not found.
Unable to delete service\driver keyPartner Service.
========== REGISTRY ==========
Unable to delete registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Adobe Reader Speed Launcher .
Unable to delete registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task .
Unable to delete registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TrueImageMonitor.exe .
========== FILES ==========
File move failed. C:\ProgramData\Partner\partner.exe scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\AskBarDis\bar\Settings scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\AskBarDis\bar\bin scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\AskBarDis\bar scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\AskBarDis scheduled to be moved on reboot.
C:\ProgramData\.zreglib moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Thierry\AppData\Local\Temp\ppcrlui_5068_2 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTM by OldTimer - Version 2.1.0.1 log created on 06192009_205036

Dans l'attente de tes conclusions et explications
Merci

gen-hackman · Answer

refais le en mode sans echec stp

TITIB · Answer

Excuses moi:
je sais démarrer un PC en mode sans échec, mais pas un programme.

gen-hackman · Answer

ben tu fais pareil qu en mode normal :)

TITIB · Answer

Quel est l'intérêt de refaire 2 fois la même chose ?

TITIB · Answer

ça n'a pas marché: nouveau .log:

========== PROCESSES ==========
Unable to kill process: explorer.exe
Unable to kill process: iexplore.exe
Unable to kill process: firefox.exe
Unable to kill process: msnmsgr.exe
Process TeaTimer.exe killed successfully.
Unable to kill process: AskService.exe
Unable to kill process: ASKUpgrade.exe
========== SERVICES/DRIVERS ==========
Service\Driver ASKService not found.
Unable to delete service\driver keyASKService.
Service\Driver ASKUpgrade not found.
Unable to delete service\driver keyASKUpgrade.
Service\Driver Partner Service not found.
Unable to delete service\driver keyPartner Service.
========== REGISTRY ==========
Unable to delete registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Adobe Reader Speed Launcher .
Unable to delete registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task .
Unable to delete registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TrueImageMonitor.exe .
========== FILES ==========
File move failed. C:\ProgramData\Partner\partner.exe scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\AskBarDis\bar\Settings scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\AskBarDis\bar\bin scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\AskBarDis\bar scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\AskBarDis scheduled to be moved on reboot.
File/Folder C:\ProgramData\.zreglib not found.
========== COMMANDS ==========
File delete failed. C:\Users\Thierry\AppData\Local\Temp\ppcrlui_3860_2 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

gen-hackman · Answer

je ne peux plus rien faire n'etant pas compétant en 64 bits.......:(

TITIB · Answer

Bonjour gen,
Il y a sûrement quelqu'un de compétant en 64 bits à CCM.... !... et qui pourrait conseiller un utilitaire adapté.
En tout cas, puisque c'est AskBarDis qui semble te faire peur, pourquoi ne pas essayer de supprimer le répertoire C:\Program Files (x86)\AskBarDis\ "à la main" ? 
En tout cas, par prudence, je préfère attendre le conseil d'un utilisateur averti.
Merci
TITIB

TITIB · Answer

Bonjour, 
Il y a sûrement quelqu'un de compétant en 64 bits à CCM et qui pourrait me conseiller l'utilitaire adapté... 
Puisque c'est askbar qui semble te faire peur, pourquoi ne pas supprimer C:\Program Files (x86)\AskBarDis "à la main" ?
J'attends à ce sujet le conseil d'un utilisateur averti.
Merci
TITIB

gen-hackman · Answer

ok lol

tu n as pas "Ask" dans ajout/suppression de programme ?

TITIB · Answer

Non, 
pas sous le nom "ask" ni sous un nom voisin.
par contre, que faut-il penser de partner.exe et autres clés trouvées par OTM ?
Merci
TITIB

gen-hackman · Answer

C:\ProgramData\Partner\partner.exe
C:\Program Files (x86)\AskBarDis
C:\ProgramData\.zreglib 

si tu peux , supprimes ceci en mode sans echec sans prise en charge reseau
--
&#9830;G3&#1080;-&#1085;@¢&#1082;&#1084;@&#1080;&#8482;&#169;&#174;&#9830;

TITIB · Answer

Peux tu m'expliquer la procédure à suivre pour supprimer ceci "en mode sans echec sans prise en charge reseau" ?
Merci

gen-hackman · Answer

Comment aller en Mode sans échec 
1) Redémarres ton ordi 
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
3) Tu verras un écran avec options de démarrage apparaître 
4) Choisis la première option : Sans Échec, et valide avec "Entrée" 
5) Choisis ton compte habituel, et non Administrateur (si besoin ... ) 
(attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreurs ...) 

l'ecran sera different c est normal

en redémarrant ensuite , tu te retrouveras dans ta session normale avec cet ecran

TITIB · Answer

Bonjour gen, 
Je me suis mis en mode sans échec et ai effacé les 3 fichiers:
C:\ProgramData\Partner\partner.exe 
C:\Program Files (x86)\AskBarDis 
C:\ProgramData\.zreglib 

J'ai alors relancé OTL:
OTL logfile created on: 21/06/2009 20:04:54 - Run 3
OTL by OldTimer - Version 3.0.2.0     Folder = C:\Users\Thierry\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2,99 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,96% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911,51 Gb Total Space | 698,65 Gb Free Space | 76,65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465,76 Gb Total Space | 135,13 Gb Free Space | 29,01% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-DE-BUREAU
Current User Name: Thierry
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========/color
 
PRC - [2009/02/05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/09/18 11:13:00 | 00,079,416 | ---- | M] (Packard Bell BV) -- C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe
PRC - [2007/10/07 17:08:54 | 00,140,568 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/09/18 11:13:00 | 00,099,896 | ---- | M] (Packard Bell BV) -- C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\AOSD.exe
PRC - [2008/07/07 17:26:28 | 01,038,136 | ---- | M] (Packard Bell BV) -- C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/12 08:31:10 | 01,840,424 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2009/04/04 13:03:48 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/11/16 14:43:16 | 00,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2009/02/05 22:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2007/10/07 17:01:08 | 02,620,336 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2007/10/07 17:36:58 | 00,904,880 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/04/05 11:00:36 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\QuickTime\qttask.exe
PRC - [2007/09/11 01:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2006/08/11 11:15:36 | 00,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2008/05/29 10:49:58 | 00,083,264 | ---- | M] (Packard Bell Services) -- C:\Windows\SysWow64\HidService.exe
PRC - [2008/01/22 10:35:52 | 00,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2006/10/19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/12/02 15:29:52 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
PRC - [2007/10/08 11:19:10 | 00,493,200 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/02/05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/12/12 08:31:10 | 00,537,896 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
PRC - [2009/06/21 19:54:59 | 00,512,512 | ---- | M] (OldTimer Tools) -- C:\Users\Thierry\Desktop\OTL.exe
 
[color=#E56717]========== Win32 Services (SafeList) ==========/color
 
SRV:[b]64bit:/b - [2009/02/05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV:[b]64bit:/b - [2009/02/05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV:[b]64bit:/b - [2009/02/05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV:[b]64bit:/b - [2009/02/05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV:[b]64bit:/b - [2008/07/16 14:00:00 | 00,024,576 | ---- | M] () -- C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe -- (ETService [Auto | Running])
SRV:[b]64bit:/b - [2008/01/21 04:50:24 | 00,027,648 | ---- | M] () -- C:\Windows\SysNative\svchost.exe -- (ezSharedSvc [Auto | Running])
SRV:[b]64bit:/b - [2008/05/29 10:49:58 | 00,083,264 | ---- | M] () -- C:\Windows\SysNative\HidService.exe -- (GenericHidService [Auto | Running])
SRV:[b]64bit:/b - [2008/01/21 04:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV:[b]64bit:/b - [2008/01/21 04:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2007/10/07 17:10:04 | 00,599,320 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Running])
SRV - [2007/09/11 01:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0 [Auto | Running])
SRV - [2006/08/11 11:15:36 | 00,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service [Auto | Running])
SRV - [2008/07/27 20:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/27 20:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/01/21 04:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/21 04:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 17:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/02/03 12:00:00 | 00,129,992 | ---- | M] (EasyBits Sofware AS) -- C:\Windows\SysWow64\ezsvc7.dll -- (ezSharedSvc [Auto | Running])
SRV - [2008/12/02 09:46:56 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/06/20 03:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/05/29 10:49:58 | 00,083,264 | ---- | M] (Packard Bell Services) -- C:\Windows\SysWow64\HidService.exe -- (GenericHidService [Auto | Running])
SRV - [2009/04/22 21:34:13 | 00,182,768 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/06/20 03:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/01/22 10:35:52 | 00,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC [Auto | Running])
SRV - [2006/11/02 11:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\keyiso.dll -- (KeyIso [On_Demand | Stopped])
SRV - [2006/10/19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2006/11/02 15:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2008/12/02 15:29:52 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2008/01/21 04:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64
etlogon.dll -- (Netlogon [On_Demand | Stopped])
SRV - [2008/12/12 08:31:10 | 00,537,896 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2007/10/08 11:19:10 | 00,493,200 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService [Auto | Running])
SRV - [2006/11/02 08:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2006/11/02 08:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])
 
[color=#E56717]========== Driver Services (SafeList) ==========/color
 
DRV:[b]64bit:/b - [2008/01/21 04:46:57 | 00,058,496 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV:[b]64bit:/b - [2009/02/05 22:07:17 | 00,022,096 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV:[b]64bit:/b - [2009/02/05 22:07:07 | 00,064,592 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
DRV:[b]64bit:/b - [2009/02/05 22:06:13 | 00,027,216 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr [System | Running])
DRV:[b]64bit:/b - [2009/02/05 22:07:36 | 00,089,680 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP [System | Running])
DRV:[b]64bit:/b - [2009/02/05 22:06:23 | 00,058,448 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV:[b]64bit:/b - [2008/01/21 04:47:28 | 00,048,768 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV:[b]64bit:/b - [2006/11/02 07:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV:[b]64bit:/b - [2005/07/29 17:35:59 | 00,402,456 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV:[b]64bit:/b - [2008/10/01 08:32:22 | 00,095,584 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID [Boot | Running])
DRV:[b]64bit:/b - [2008/01/21 04:46:53 | 00,061,568 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV:[b]64bit:/b - [2008/12/02 09:44:59 | 00,052,856 | ---- | M] () -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64 [Boot | Running])
DRV:[b]64bit:/b - [2008/05/02 07:59:48 | 00,166,912 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169 [On_Demand | Running])
DRV:[b]64bit:/b - [2005/08/25 16:44:36 | 00,043,008 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\RtTeam60.sys -- (RTTEAMPT [On_Demand | Stopped])
DRV:[b]64bit:/b - [2005/08/25 16:44:37 | 00,024,064 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\RtVlan60.sys -- (RTVLANPT [On_Demand | Stopped])
DRV:[b]64bit:/b - [2009/04/04 15:23:58 | 00,229,408 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman [Boot | Running])
DRV:[b]64bit:/b - [2009/04/04 15:23:56 | 00,593,952 | ---- | M] () -- C:\Windows\SysNative\DRIVERS	drpman.sys -- (tdrpman [Boot | Running])
DRV:[b]64bit:/b - [2005/08/25 16:44:36 | 00,043,008 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\RtTeam60.sys -- (TEAM [On_Demand | Stopped])
DRV:[b]64bit:/b - [2009/04/04 15:24:00 | 00,081,952 | ---- | M] () -- C:\Windows\SysNative\DRIVERS	ifsfilt.sys -- (tifsfilter [Auto | Running])
DRV:[b]64bit:/b - [2009/04/04 15:24:00 | 00,711,712 | ---- | M] () -- C:\Windows\SysNative\DRIVERS	imntr.sys -- (timounter [Boot | Running])
DRV:[b]64bit:/b - [2008/01/21 04:47:28 | 00,046,080 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
DRV - [2008/07/16 13:56:06 | 00,017,952 | ---- | M] (Acer, Inc.) -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15 [Auto | Running])
DRV - [2006/09/18 23:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
DRV - [2006/09/18 23:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWow64\Wbem	cpip.mof -- (Tcpip [Boot | Running])
 
[color=#E56717]========== Standard Registry (SafeList) ==========/color
 
 
[color=#E56717]========== Internet Explorer ==========/color
 
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp64&d=0409&m=ipower_g5630
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp64&d=0409&m=ipower_g5630
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp64&d=0409&m=ipower_g5630
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp64&d=0409&m=ipower_g5630
 
 
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp64&d=0409&m=ipower_g5630
IE - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp64&d=0409&m=ipower_g5630
IE - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-887371982-3018223467-355190421-1000\S-1-5-21-887371982-3018223467-355190421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========/color
 
FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/04/04 19:12:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/06/06 17:47:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/05/16 15:50:58 | 00,000,000 | ---D | M]
 
[2009/05/02 21:20:56 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\mozilla\Extensions
[2009/05/02 21:20:56 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/09 18:49:01 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\mozilla\Firefox\Profiles	wnwaf2c.default\extensions
[2009/06/06 17:47:32 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\mozilla\Firefox\Profiles	wnwaf2c.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/06/09 18:49:00 | 00,000,681 | ---- | M] () -- C:\Users\Thierry\AppData\Roaming\Mozilla\FireFox\Profiles	wnwaf2c.default\searchplugins\ask.xml
[2009/05/08 12:06:19 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/05/02 21:20:51 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/08 12:06:19 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/24 08:48:37 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 08:48:37 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/05/08 12:06:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins
pdeploytk.dll
[2009/04/24 08:48:37 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins
pnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins
ppdf32.dll
[2006/09/10 13:35:08 | 00,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2008/09/28 09:10:26 | 00,000,757 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2008/04/16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2006/09/10 13:35:08 | 00,000,748 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2008/03/29 15:59:44 | 00,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2006/09/12 20:49:04 | 00,000,652 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:[b]64bit:/b - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKU\S-1-5-21-887371982-3018223467-355190421-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4:[b]64bit:/b - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:[b]64bit:/b - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:[b]64bit:/b - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:[b]64bit:/b - HKLM..\Run: [FujiKeyboard] c:\Acer\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe (Packard Bell BV)
O4:[b]64bit:/b - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:[b]64bit:/b - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:/b - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
O4:[b]64bit:/b - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4:[b]64bit:/b - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Programmes\Alwil Software\Avast4\ashDisp.exe File not found
O4 - HKLM..\Run: [C:\Program Files (x86)\Free Video Zilla\FVZilla.exe]  File not found
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-887371982-3018223467-355190421-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-887371982-3018223467-355190421-1000..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKU\S-1-5-21-887371982-3018223467-355190421-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-887371982-3018223467-355190421-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:[b]64bit:/b - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:[b]64bit:/b - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll ()
O10:[b]64bit:/b - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative
apinsp.dll ()
O10:[b]64bit:/b - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:[b]64bit:/b - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:[b]64bit:/b - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll ()
O10:[b]64bit:/b - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll ()
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll ()
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll ()
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll ()
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll ()
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll ()
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll ()
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll ()
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll ()
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll ()
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWow64
apinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:[b]64bit:/b - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:[b]64bit:/b - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll ()
O18:[b]64bit:/b - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll ()
O18:[b]64bit:/b - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:[b]64bit:/b - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:[b]64bit:/b - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:[b]64bit:/b - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:/b - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:/b - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:[b]64bit:/b - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:/b - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:/b - Protocol\Handler\ipp - No CLSID value found
O18:[b]64bit:/b - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:/b - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:[b]64bit:/b - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:[b]64bit:/b - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:[b]64bit:/b - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:[b]64bit:/b - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll ()
O18:[b]64bit:/b - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:[b]64bit:/b - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:/b - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:/b - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:/b - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:/b - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:[b]64bit:/b - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:[b]64bit:/b - Protocol\Handleres {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:[b]64bit:/b - Protocol\Handler	v {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll ()
O18:[b]64bit:/b - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18:[b]64bit:/b - Protocol\Filter:  - application/octet-stream - C:\Windows\SysNative\mscoree.dll ()
O18:[b]64bit:/b - Protocol\Filter:  - application/x-complus - C:\Windows\SysNative\mscoree.dll ()
O18:[b]64bit:/b - Protocol\Filter:  - application/x-msdownload - C:\Windows\SysNative\mscoree.dll ()
O18:[b]64bit:/b - Protocol\Filter:  - deflate - C:\Windows\SysNative\urlmon.dll ()
O18:[b]64bit:/b - Protocol\Filter:  - gzip - C:\Windows\SysNative\urlmon.dll ()
O18:[b]64bit:/b - Protocol\Filter:  - text/xml - C:\Programmes\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL File not found
O18:[b]64bit:/b - Protocol\Filter:  - x-sdch - Reg Error: Key error. File not found
O18 - Protocol\Filter:  - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter:  - x-sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:[b]64bit:/b - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\SysWow64\ezShellStart.exe (EasyBits Software AS)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O30:[b]64bit:/b - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNativeelog_ap.dll ()
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64elog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/30 23:45:30 | 00,000,132 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{455cb69b-210e-11de-a69f-0024211050cd}\Shell\AutoRun\command - "" = E:\Install FreeAgent Tools.exe -- [2007/04/18 03:14:00 | 14,539,9688 | ---- | M] (Seagate                                                   )
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Install FreeAgent Tools.exe -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========/color
 
[2009/06/21 19:54:58 | 00,512,512 | ---- | C] (OldTimer Tools) -- C:\Users\Thierry\Desktop\OTL.exe
[2009/06/21 19:46:35 | 32,117,76000 | -HS- | C] () -- C:\hiberfil.sys
[2009/06/19 21:31:01 | 00,389,632 | ---- | C] (OldTimer Tools) -- C:\Users\Thierry\Desktop\OTM.exe
[2009/06/19 20:50:36 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/06/19 18:06:37 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/06/14 15:13:05 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ole32.dll
[2009/06/14 15:13:04 | 01,922,560 | ---- | C] () -- C:\Windows\SysNative\ole32.dll
[2009/06/14 10:50:39 | 00,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2009/06/14 10:50:29 | 00,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2009/06/14 10:50:24 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2009/06/14 10:50:23 | 00,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2009/06/14 10:50:23 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2009/06/14 10:50:23 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2009/06/14 10:50:22 | 00,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2009/06/14 10:50:22 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2009/06/14 10:50:20 | 00,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2009/06/14 10:50:20 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2009/06/11 21:12:37 | 00,791,552 | ---- | C] () -- C:\Windows\SysNative\localspl.dll
[2009/06/11 21:12:37 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2009/06/11 21:12:19 | 01,280,512 | ---- | C] () -- C:\Windows\SysNativepcrt4.dll
[2009/06/11 21:12:19 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64pcrt4.dll
[2009/06/11 21:11:54 | 05,936,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/06/11 21:11:53 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/06/11 21:11:53 | 09,234,432 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/06/11 21:11:52 | 12,454,912 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009/06/11 21:11:52 | 02,332,672 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009/06/11 21:11:52 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/06/11 21:11:52 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/06/11 21:11:51 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2009/06/11 21:11:51 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009/06/11 21:11:51 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/06/11 21:11:51 | 01,146,368 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009/06/11 21:11:51 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/06/11 21:11:51 | 00,457,728 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009/06/11 21:11:51 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/06/11 21:11:51 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/06/11 21:11:51 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/06/11 21:11:51 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2009/06/11 21:11:51 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/06/11 21:11:50 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/06/11 21:11:50 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009/06/11 21:11:50 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2009/06/11 21:11:50 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2009/06/11 21:11:50 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2009/06/11 21:11:50 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/06/11 21:11:50 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/06/11 21:11:50 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009/06/11 21:08:14 | 02,742,272 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2009/06/07 18:59:00 | 00,000,042 | ---- | C] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2009/06/07 18:58:55 | 00,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2009/06/06 18:19:02 | 00,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2009/06/06 18:00:50 | 00,000,000 | ---D | C] -- C:\Users\Thierry\Documents\Azureus Downloads
[2009/06/06 17:57:04 | 00,000,000 | ---D | C] -- C:\ProgramData\Azureus
[2009/06/06 17:57:02 | 00,000,000 | ---D | C] -- C:\Users\Thierry\AppData\Roaming\Azureus
[2009/06/06 17:47:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2009/06/06 14:49:43 | 00,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2009/06/03 19:19:39 | 00,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/06/02 14:13:16 | 00,000,091 | ---- | C] () -- C:\Windows\PhEdit.INI
[2009/05/30 14:07:32 | 00,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX
[2009/05/30 14:07:30 | 00,000,000 | ---D | C] -- C:\ProgramData\CanonIJ
[2009/05/30 14:07:25 | 00,000,000 | ---D | C] -- C:\Users\Thierry\AppData\Roaming\Canon
[2009/05/30 14:06:37 | 00,000,000 | ---D | C] -- C:\Users\Thierry\Desktop\Imprimante Canon MP 630
[2009/05/30 14:03:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Canon -Easy Ink Delivery
[2009/05/30 13:54:29 | 00,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenu
[2009/05/30 13:53:56 | 00,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter
[2009/05/30 13:53:50 | 00,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2009/05/30 13:30:09 | 00,000,000 | ---D | C] -- C:\Program Files\Canon
[2009/05/30 13:28:55 | 00,001,930 | ---- | C] () -- C:\Users\Public\Desktop\Easy-PhotoPrint EX.lnk
[2009/05/30 13:28:22 | 00,001,932 | ---- | C] () -- C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
[2009/05/29 21:12:24 | 00,000,000 | ---D | C] -- C:\Users\Thierry\AppData\Roaming\gtk-2.0
[2009/05/29 21:10:15 | 00,000,930 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2009/05/29 21:10:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2009/05/28 21:30:02 | 00,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2009/05/28 20:07:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2009/05/28 20:04:34 | 00,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2009/05/28 20:04:04 | 00,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2009/05/28 20:01:57 | 00,279,040 | ---- | C] () -- C:\Windows\SysNative\CNMLM9C.DLL
[2009/05/28 20:01:48 | 00,292,864 | ---- | C] () -- C:\Windows\SysNative\CNC630L.DLL
[2009/05/28 20:01:48 | 00,229,888 | ---- | C] () -- C:\Windows\SysNative\CNC630O.DLL
[2009/05/28 20:01:48 | 00,092,672 | ---- | C] () -- C:\Windows\SysNative\CNC630I.DLL
[2009/05/28 20:01:47 | 01,354,240 | ---- | C] () -- C:\Windows\SysNative\CNC630C.DLL
[2009/05/28 20:01:37 | 00,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2009/05/28 19:59:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2009/05/23 17:05:45 | 00,000,730 | ---- | C] () -- C:\Users\Thierry\Desktop\Mouse_Pipes.lnk
[2009/05/09 14:43:21 | 00,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/04/25 12:03:05 | 00,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2009/04/11 21:58:21 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/04/05 10:56:53 | 00,000,000 | ---- | C] () -- C:\Windows\SETUP32.INI
[2009/04/05 10:47:55 | 00,001,110 | ---- | C] () -- C:\Windows\disney.ini
[2009/04/05 10:14:49 | 00,210,456 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2009/04/05 10:14:49 | 00,206,360 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2009/04/05 10:14:49 | 00,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2009/04/05 10:14:49 | 00,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2009/04/05 10:14:49 | 00,194,072 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2009/04/05 10:14:49 | 00,026,136 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2009/04/05 09:46:11 | 00,000,040 | ---- | C] () -- C:\Windows\NAVIGMA.INI
[2009/04/04 16:06:32 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/04 13:55:34 | 00,000,566 | ---- | C] () -- C:\Windows\SysWow64\hidservice.ini
[2008/12/02 09:53:09 | 00,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/01/21 04:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64	cpmon.ini
[2008/01/21 04:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 14:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 14:34:27 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2002/03/17 02:00:00 | 00,007,420 | ---- | C] () -- C:\Windows\UA000074.DLL
[2001/10/28 17:42:30 | 00,116,224 | ---- | C] () -- C:\Windows\SysWow64\pdfcmnnt.dll
 
[color=#E56717]========== Files - Modified Within 30 Days ==========/color
 
[2009/06/21 19:54:59 | 00,512,512 | ---- | M] (OldTimer Tools) -- C:\Users\Thierry\Desktop\OTL.exe
[2009/06/21 19:46:53 | 00,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2009/06/21 19:46:47 | 00,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/06/21 19:46:45 | 00,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/06/21 19:46:41 | 00,000,006 | -H-- | M] () -- C:\Windows	asks\SA.DAT
[2009/06/21 19:46:38 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/21 19:46:35 | 32,117,76000 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/21 19:10:29 | 00,000,448 | -H-- | M] () -- C:\Windows	asks\User_Feed_Synchronization-{165C88F0-8C9F-415A-A02E-220BC84F20EB}.job
[2009/06/19 21:31:04 | 00,389,632 | ---- | M] (OldTimer Tools) -- C:\Users\Thierry\Desktop\OTM.exe
[2009/06/14 17:40:04 | 00,000,039 | ---- | M] () -- C:\Windows\Irremote.ini
[2009/06/12 09:03:43 | 00,351,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/06/07 18:59:00 | 00,000,042 | ---- | M] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2009/06/07 13:40:01 | 01,470,810 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/06/07 13:40:01 | 00,669,328 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2009/06/07 13:40:01 | 00,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/06/07 13:40:01 | 00,123,350 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2009/06/07 13:40:01 | 00,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/06/03 19:19:39 | 00,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/06/02 14:13:16 | 00,000,091 | ---- | M] () -- C:\Windows\PhEdit.INI
[2009/06/01 19:16:48 | 25,255,368 | ---- | M] () -- C:\Windows\SysNative\mrt.exe
[2009/05/30 13:28:55 | 00,001,930 | ---- | M] () -- C:\Users\Public\Desktop\Easy-PhotoPrint EX.lnk
[2009/05/30 13:28:22 | 00,001,932 | ---- | M] () -- C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
[2009/05/29 21:10:15 | 00,000,930 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2009/05/23 17:05:45 | 00,000,730 | ---- | M] () -- C:\Users\Thierry\Desktop\Mouse_Pipes.lnk
 
[color=#E56717]========== LOP Check ==========/color
 
[2006/11/02 17:07:25 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming
[2006/11/02 17:07:25 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Media Center Programs
[2006/11/02 17:07:25 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming
[2006/11/02 17:07:25 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Media Center Programs
[2009/06/06 17:57:02 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming
[2009/04/05 10:03:37 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\AVS4YOU
[2009/06/14 18:18:36 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\Azureus
[2009/06/06 14:49:43 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\Canon
[2009/04/24 17:00:49 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\dvdcss
[2009/04/10 18:58:56 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\FVZilla
[2009/05/29 21:12:24 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\gtk-2.0
[2009/05/16 19:21:33 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\ImgBurn
[2006/11/02 17:07:25 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\Media Center Programs
[2009/04/11 19:36:11 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\Packard Bell
[2009/05/09 14:45:28 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\Panasonic
[2009/04/05 09:35:47 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\PDFCreator
[2009/04/24 22:04:05 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\Ulead Systems
[2009/06/21 19:46:41 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/06/21 19:39:20 | 00,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/06/21 19:10:29 | 00,000,448 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{165C88F0-8C9F-415A-A02E-220BC84F20EB}.job
 
[color=#E56717]========== Purity Check ==========/color
 
 
 
[color=#E56717]========== Alternate Data Streams ==========/color
 
@Alternate Data Stream - 24 bytes -> C:\Windows:076FFFBAB3EB19CB
@Alternate Data Stream - 1282 bytes -> C:\Users\Thierry\Documents\Re_ service de déclaration des revenus en ligne inaccessible  (KMM1109507I).eml:OECustomProperty
< End of report >

Qu'en penses tu maintenant ?
Je te remercie
TITIB

TITIB · Answer

Bonjour gen, 
Je me suis mis en mode sans échec et ai effacé les 3 fichiers:
C:\ProgramData\Partner\partner.exe 
C:\Program Files (x86)\AskBarDis 
C:\ProgramData\.zreglib 

J'ai alors relancé OTL:
OTL logfile created on: 21/06/2009 20:04:54 - Run 3
OTL by OldTimer - Version 3.0.2.0     Folder = C:\Users\Thierry\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2,99 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,96% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911,51 Gb Total Space | 698,65 Gb Free Space | 76,65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465,76 Gb Total Space | 135,13 Gb Free Space | 29,01% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-DE-BUREAU
Current User Name: Thierry
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2009/02/05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/09/18 11:13:00 | 00,079,416 | ---- | M] (Packard Bell BV) -- C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe
PRC - [2007/10/07 17:08:54 | 00,140,568 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/09/18 11:13:00 | 00,099,896 | ---- | M] (Packard Bell BV) -- C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\AOSD.exe
PRC - [2008/07/07 17:26:28 | 01,038,136 | ---- | M] (Packard Bell BV) -- C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/12 08:31:10 | 01,840,424 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2009/04/04 13:03:48 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/11/16 14:43:16 | 00,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2009/02/05 22:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2007/10/07 17:01:08 | 02,620,336 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2007/10/07 17:36:58 | 00,904,880 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/04/05 11:00:36 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\QuickTime\qttask.exe
PRC - [2007/09/11 01:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2006/08/11 11:15:36 | 00,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2008/05/29 10:49:58 | 00,083,264 | ---- | M] (Packard Bell Services) -- C:\Windows\SysWow64\HidService.exe
PRC - [2008/01/22 10:35:52 | 00,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2006/10/19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/12/02 15:29:52 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
PRC - [2007/10/08 11:19:10 | 00,493,200 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/02/05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/12/12 08:31:10 | 00,537,896 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
PRC - [2009/06/21 19:54:59 | 00,512,512 | ---- | M] (OldTimer Tools) -- C:\Users\Thierry\Desktop\OTL.exe
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2009/02/05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV:[b]64bit:[/b] - [2009/02/05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV:[b]64bit:[/b] - [2009/02/05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV:[b]64bit:[/b] - [2009/02/05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV:[b]64bit:[/b] - [2008/07/16 14:00:00 | 00,024,576 | ---- | M] () -- C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe -- (ETService [Auto | Running])
SRV:[b]64bit:[/b] - [2008/01/21 04:50:24 | 00,027,648 | ---- | M] () -- C:\Windows\SysNative\svchost.exe -- (ezSharedSvc [Auto | Running])
SRV:[b]64bit:[/b] - [2008/05/29 10:49:58 | 00,083,264 | ---- | M] () -- C:\Windows\SysNative\HidService.exe -- (GenericHidService [Auto | Running])
SRV:[b]64bit:[/b] - [2008/01/21 04:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV:[b]64bit:[/b] - [2008/01/21 04:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2007/10/07 17:10:04 | 00,599,320 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Running])
SRV - [2007/09/11 01:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0 [Auto | Running])
SRV - [2006/08/11 11:15:36 | 00,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service [Auto | Running])
SRV - [2008/07/27 20:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/27 20:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/01/21 04:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/21 04:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 17:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/02/03 12:00:00 | 00,129,992 | ---- | M] (EasyBits Sofware AS) -- C:\Windows\SysWow64\ezsvc7.dll -- (ezSharedSvc [Auto | Running])
SRV - [2008/12/02 09:46:56 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/06/20 03:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/05/29 10:49:58 | 00,083,264 | ---- | M] (Packard Bell Services) -- C:\Windows\SysWow64\HidService.exe -- (GenericHidService [Auto | Running])
SRV - [2009/04/22 21:34:13 | 00,182,768 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/06/20 03:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/01/22 10:35:52 | 00,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC [Auto | Running])
SRV - [2006/11/02 11:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\keyiso.dll -- (KeyIso [On_Demand | Stopped])
SRV - [2006/10/19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2006/11/02 15:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2008/12/02 15:29:52 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2008/01/21 04:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64
etlogon.dll -- (Netlogon [On_Demand | Stopped])
SRV - [2008/12/12 08:31:10 | 00,537,896 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/12/19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2007/10/08 11:19:10 | 00,493,200 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService [Auto | Running])
SRV - [2006/11/02 08:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2006/11/02 08:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2008/01/21 04:46:57 | 00,058,496 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV:[b]64bit:[/b] - [2009/02/05 22:07:17 | 00,022,096 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV:[b]64bit:[/b] - [2009/02/05 22:07:07 | 00,064,592 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
DRV:[b]64bit:[/b] - [2009/02/05 22:06:13 | 00,027,216 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr [System | Running])
DRV:[b]64bit:[/b] - [2009/02/05 22:07:36 | 00,089,680 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP [System | Running])
DRV:[b]64bit:[/b] - [2009/02/05 22:06:23 | 00,058,448 | ---- | M] () -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV:[b]64bit:[/b] - [2008/01/21 04:47:28 | 00,048,768 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV:[b]64bit:[/b] - [2006/11/02 07:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV:[b]64bit:[/b] - [2005/07/29 17:35:59 | 00,402,456 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV:[b]64bit:[/b] - [2008/10/01 08:32:22 | 00,095,584 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID [Boot | Running])
DRV:[b]64bit:[/b] - [2008/01/21 04:46:53 | 00,061,568 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV:[b]64bit:[/b] - [2008/12/02 09:44:59 | 00,052,856 | ---- | M] () -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64 [Boot | Running])
DRV:[b]64bit:[/b] - [2008/05/02 07:59:48 | 00,166,912 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169 [On_Demand | Running])
DRV:[b]64bit:[/b] - [2005/08/25 16:44:36 | 00,043,008 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\RtTeam60.sys -- (RTTEAMPT [On_Demand | Stopped])
DRV:[b]64bit:[/b] - [2005/08/25 16:44:37 | 00,024,064 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\RtVlan60.sys -- (RTVLANPT [On_Demand | Stopped])
DRV:[b]64bit:[/b] - [2009/04/04 15:23:58 | 00,229,408 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman [Boot | Running])
DRV:[b]64bit:[/b] - [2009/04/04 15:23:56 | 00,593,952 | ---- | M] () -- C:\Windows\SysNative\DRIVERS	drpman.sys -- (tdrpman [Boot | Running])
DRV:[b]64bit:[/b] - [2005/08/25 16:44:36 | 00,043,008 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\RtTeam60.sys -- (TEAM [On_Demand | Stopped])
DRV:[b]64bit:[/b] - [2009/04/04 15:24:00 | 00,081,952 | ---- | M] () -- C:\Windows\SysNative\DRIVERS	ifsfilt.sys -- (tifsfilter [Auto | Running])
DRV:[b]64bit:[/b] - [2009/04/04 15:24:00 | 00,711,712 | ---- | M] () -- C:\Windows\SysNative\DRIVERS	imntr.sys -- (timounter [Boot | Running])
DRV:[b]64bit:[/b] - [2008/01/21 04:47:28 | 00,046,080 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
DRV - [2008/07/16 13:56:06 | 00,017,952 | ---- | M] (Acer, Inc.) -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15 [Auto | Running])
DRV - [2006/09/18 23:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
DRV - [2006/09/18 23:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWow64\Wbem	cpip.mof -- (Tcpip [Boot | Running])
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp64&d=0409&m=ipower_g5630
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp64&d=0409&m=ipower_g5630
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp64&d=0409&m=ipower_g5630
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp64&d=0409&m=ipower_g5630
 
 
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp64&d=0409&m=ipower_g5630
IE - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
IE - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp64&d=0409&m=ipower_g5630
IE - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-887371982-3018223467-355190421-1000\S-1-5-21-887371982-3018223467-355190421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/04/04 19:12:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/06/06 17:47:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/05/16 15:50:58 | 00,000,000 | ---D | M]
 
[2009/05/02 21:20:56 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\mozilla\Extensions
[2009/05/02 21:20:56 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/09 18:49:01 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\mozilla\Firefox\Profiles	wnwaf2c.default\extensions
[2009/06/06 17:47:32 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\mozilla\Firefox\Profiles	wnwaf2c.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/06/09 18:49:00 | 00,000,681 | ---- | M] () -- C:\Users\Thierry\AppData\Roaming\Mozilla\FireFox\Profiles	wnwaf2c.default\searchplugins\ask.xml
[2009/05/08 12:06:19 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/05/02 21:20:51 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/08 12:06:19 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/24 08:48:37 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 08:48:37 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/05/08 12:06:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins
pdeploytk.dll
[2009/04/24 08:48:37 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins
pnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins
ppdf32.dll
[2006/09/10 13:35:08 | 00,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2008/09/28 09:10:26 | 00,000,757 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2008/04/16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2006/09/10 13:35:08 | 00,000,748 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2008/03/29 15:59:44 | 00,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2006/09/12 20:49:04 | 00,000,652 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKU\S-1-5-21-887371982-3018223467-355190421-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:[b]64bit:[/b] - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:[b]64bit:[/b] - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:[b]64bit:[/b] - HKLM..\Run: [FujiKeyboard] c:\Acer\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe (Packard Bell BV)
O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Programmes\Alwil Software\Avast4\ashDisp.exe File not found
O4 - HKLM..\Run: [C:\Program Files (x86)\Free Video Zilla\FVZilla.exe]  File not found
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-887371982-3018223467-355190421-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-887371982-3018223467-355190421-1000..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKU\S-1-5-21-887371982-3018223467-355190421-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-887371982-3018223467-355190421-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-887371982-3018223467-355190421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:[b]64bit:[/b] - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll ()
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative
apinsp.dll ()
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll ()
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll ()
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll ()
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll ()
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll ()
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll ()
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll ()
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll ()
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll ()
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll ()
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll ()
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWow64
apinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:[b]64bit:[/b] - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:[b]64bit:[/b] - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll ()
O18:[b]64bit:[/b] - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll ()
O18:[b]64bit:[/b] - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:[b]64bit:[/b] - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:[b]64bit:[/b] - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:[b]64bit:[/b] - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:[b]64bit:[/b] - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:[b]64bit:[/b] - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:[b]64bit:[/b] - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll ()
O18:[b]64bit:[/b] - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handleres {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:[b]64bit:[/b] - Protocol\Handler	v {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll ()
O18:[b]64bit:[/b] - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Filter:  - application/octet-stream - C:\Windows\SysNative\mscoree.dll ()
O18:[b]64bit:[/b] - Protocol\Filter:  - application/x-complus - C:\Windows\SysNative\mscoree.dll ()
O18:[b]64bit:[/b] - Protocol\Filter:  - application/x-msdownload - C:\Windows\SysNative\mscoree.dll ()
O18:[b]64bit:[/b] - Protocol\Filter:  - deflate - C:\Windows\SysNative\urlmon.dll ()
O18:[b]64bit:[/b] - Protocol\Filter:  - gzip - C:\Windows\SysNative\urlmon.dll ()
O18:[b]64bit:[/b] - Protocol\Filter:  - text/xml - C:\Programmes\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL File not found
O18:[b]64bit:[/b] - Protocol\Filter:  - x-sdch - Reg Error: Key error. File not found
O18 - Protocol\Filter:  - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter:  - x-sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\SysWow64\ezShellStart.exe (EasyBits Software AS)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O30:[b]64bit:[/b] - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNativeelog_ap.dll ()
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64elog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/30 23:45:30 | 00,000,132 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{455cb69b-210e-11de-a69f-0024211050cd}\Shell\AutoRun\command - "" = E:\Install FreeAgent Tools.exe -- [2007/04/18 03:14:00 | 14,539,9688 | ---- | M] (Seagate                                                   )
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Install FreeAgent Tools.exe -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2009/06/21 19:54:58 | 00,512,512 | ---- | C] (OldTimer Tools) -- C:\Users\Thierry\Desktop\OTL.exe
[2009/06/21 19:46:35 | 32,117,76000 | -HS- | C] () -- C:\hiberfil.sys
[2009/06/19 21:31:01 | 00,389,632 | ---- | C] (OldTimer Tools) -- C:\Users\Thierry\Desktop\OTM.exe
[2009/06/19 20:50:36 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/06/19 18:06:37 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/06/14 15:13:05 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ole32.dll
[2009/06/14 15:13:04 | 01,922,560 | ---- | C] () -- C:\Windows\SysNative\ole32.dll
[2009/06/14 10:50:39 | 00,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2009/06/14 10:50:29 | 00,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2009/06/14 10:50:24 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2009/06/14 10:50:23 | 00,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2009/06/14 10:50:23 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2009/06/14 10:50:23 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2009/06/14 10:50:22 | 00,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2009/06/14 10:50:22 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2009/06/14 10:50:20 | 00,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2009/06/14 10:50:20 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2009/06/11 21:12:37 | 00,791,552 | ---- | C] () -- C:\Windows\SysNative\localspl.dll
[2009/06/11 21:12:37 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2009/06/11 21:12:19 | 01,280,512 | ---- | C] () -- C:\Windows\SysNativepcrt4.dll
[2009/06/11 21:12:19 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64pcrt4.dll
[2009/06/11 21:11:54 | 05,936,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/06/11 21:11:53 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/06/11 21:11:53 | 09,234,432 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/06/11 21:11:52 | 12,454,912 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009/06/11 21:11:52 | 02,332,672 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009/06/11 21:11:52 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/06/11 21:11:52 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/06/11 21:11:51 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2009/06/11 21:11:51 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009/06/11 21:11:51 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/06/11 21:11:51 | 01,146,368 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009/06/11 21:11:51 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/06/11 21:11:51 | 00,457,728 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009/06/11 21:11:51 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/06/11 21:11:51 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/06/11 21:11:51 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/06/11 21:11:51 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2009/06/11 21:11:51 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/06/11 21:11:50 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/06/11 21:11:50 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009/06/11 21:11:50 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2009/06/11 21:11:50 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2009/06/11 21:11:50 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2009/06/11 21:11:50 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/06/11 21:11:50 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/06/11 21:11:50 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009/06/11 21:08:14 | 02,742,272 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2009/06/07 18:59:00 | 00,000,042 | ---- | C] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2009/06/07 18:58:55 | 00,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2009/06/06 18:19:02 | 00,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2009/06/06 18:00:50 | 00,000,000 | ---D | C] -- C:\Users\Thierry\Documents\Azureus Downloads
[2009/06/06 17:57:04 | 00,000,000 | ---D | C] -- C:\ProgramData\Azureus
[2009/06/06 17:57:02 | 00,000,000 | ---D | C] -- C:\Users\Thierry\AppData\Roaming\Azureus
[2009/06/06 17:47:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2009/06/06 14:49:43 | 00,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2009/06/03 19:19:39 | 00,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/06/02 14:13:16 | 00,000,091 | ---- | C] () -- C:\Windows\PhEdit.INI
[2009/05/30 14:07:32 | 00,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX
[2009/05/30 14:07:30 | 00,000,000 | ---D | C] -- C:\ProgramData\CanonIJ
[2009/05/30 14:07:25 | 00,000,000 | ---D | C] -- C:\Users\Thierry\AppData\Roaming\Canon
[2009/05/30 14:06:37 | 00,000,000 | ---D | C] -- C:\Users\Thierry\Desktop\Imprimante Canon MP 630
[2009/05/30 14:03:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Canon -Easy Ink Delivery
[2009/05/30 13:54:29 | 00,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenu
[2009/05/30 13:53:56 | 00,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter
[2009/05/30 13:53:50 | 00,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2009/05/30 13:30:09 | 00,000,000 | ---D | C] -- C:\Program Files\Canon
[2009/05/30 13:28:55 | 00,001,930 | ---- | C] () -- C:\Users\Public\Desktop\Easy-PhotoPrint EX.lnk
[2009/05/30 13:28:22 | 00,001,932 | ---- | C] () -- C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
[2009/05/29 21:12:24 | 00,000,000 | ---D | C] -- C:\Users\Thierry\AppData\Roaming\gtk-2.0
[2009/05/29 21:10:15 | 00,000,930 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2009/05/29 21:10:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2009/05/28 21:30:02 | 00,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2009/05/28 20:07:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2009/05/28 20:04:34 | 00,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2009/05/28 20:04:04 | 00,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2009/05/28 20:01:57 | 00,279,040 | ---- | C] () -- C:\Windows\SysNative\CNMLM9C.DLL
[2009/05/28 20:01:48 | 00,292,864 | ---- | C] () -- C:\Windows\SysNative\CNC630L.DLL
[2009/05/28 20:01:48 | 00,229,888 | ---- | C] () -- C:\Windows\SysNative\CNC630O.DLL
[2009/05/28 20:01:48 | 00,092,672 | ---- | C] () -- C:\Windows\SysNative\CNC630I.DLL
[2009/05/28 20:01:47 | 01,354,240 | ---- | C] () -- C:\Windows\SysNative\CNC630C.DLL
[2009/05/28 20:01:37 | 00,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2009/05/28 19:59:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2009/05/23 17:05:45 | 00,000,730 | ---- | C] () -- C:\Users\Thierry\Desktop\Mouse_Pipes.lnk
[2009/05/09 14:43:21 | 00,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/04/25 12:03:05 | 00,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2009/04/11 21:58:21 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/04/05 10:56:53 | 00,000,000 | ---- | C] () -- C:\Windows\SETUP32.INI
[2009/04/05 10:47:55 | 00,001,110 | ---- | C] () -- C:\Windows\disney.ini
[2009/04/05 10:14:49 | 00,210,456 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2009/04/05 10:14:49 | 00,206,360 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2009/04/05 10:14:49 | 00,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2009/04/05 10:14:49 | 00,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2009/04/05 10:14:49 | 00,194,072 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2009/04/05 10:14:49 | 00,026,136 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2009/04/05 09:46:11 | 00,000,040 | ---- | C] () -- C:\Windows\NAVIGMA.INI
[2009/04/04 16:06:32 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/04 13:55:34 | 00,000,566 | ---- | C] () -- C:\Windows\SysWow64\hidservice.ini
[2008/12/02 09:53:09 | 00,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/01/21 04:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64	cpmon.ini
[2008/01/21 04:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 14:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 14:34:27 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2002/03/17 02:00:00 | 00,007,420 | ---- | C] () -- C:\Windows\UA000074.DLL
[2001/10/28 17:42:30 | 00,116,224 | ---- | C] () -- C:\Windows\SysWow64\pdfcmnnt.dll
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2009/06/21 19:54:59 | 00,512,512 | ---- | M] (OldTimer Tools) -- C:\Users\Thierry\Desktop\OTL.exe
[2009/06/21 19:46:53 | 00,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2009/06/21 19:46:47 | 00,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/06/21 19:46:45 | 00,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/06/21 19:46:41 | 00,000,006 | -H-- | M] () -- C:\Windows	asks\SA.DAT
[2009/06/21 19:46:38 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/21 19:46:35 | 32,117,76000 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/21 19:10:29 | 00,000,448 | -H-- | M] () -- C:\Windows	asks\User_Feed_Synchronization-{165C88F0-8C9F-415A-A02E-220BC84F20EB}.job
[2009/06/19 21:31:04 | 00,389,632 | ---- | M] (OldTimer Tools) -- C:\Users\Thierry\Desktop\OTM.exe
[2009/06/14 17:40:04 | 00,000,039 | ---- | M] () -- C:\Windows\Irremote.ini
[2009/06/12 09:03:43 | 00,351,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/06/07 18:59:00 | 00,000,042 | ---- | M] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2009/06/07 13:40:01 | 01,470,810 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/06/07 13:40:01 | 00,669,328 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2009/06/07 13:40:01 | 00,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/06/07 13:40:01 | 00,123,350 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2009/06/07 13:40:01 | 00,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/06/03 19:19:39 | 00,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/06/02 14:13:16 | 00,000,091 | ---- | M] () -- C:\Windows\PhEdit.INI
[2009/06/01 19:16:48 | 25,255,368 | ---- | M] () -- C:\Windows\SysNative\mrt.exe
[2009/05/30 13:28:55 | 00,001,930 | ---- | M] () -- C:\Users\Public\Desktop\Easy-PhotoPrint EX.lnk
[2009/05/30 13:28:22 | 00,001,932 | ---- | M] () -- C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
[2009/05/29 21:10:15 | 00,000,930 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2009/05/23 17:05:45 | 00,000,730 | ---- | M] () -- C:\Users\Thierry\Desktop\Mouse_Pipes.lnk
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2006/11/02 17:07:25 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming
[2006/11/02 17:07:25 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Media Center Programs
[2006/11/02 17:07:25 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming
[2006/11/02 17:07:25 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Media Center Programs
[2009/06/06 17:57:02 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming
[2009/04/05 10:03:37 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\AVS4YOU
[2009/06/14 18:18:36 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\Azureus
[2009/06/06 14:49:43 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\Canon
[2009/04/24 17:00:49 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\dvdcss
[2009/04/10 18:58:56 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\FVZilla
[2009/05/29 21:12:24 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\gtk-2.0
[2009/05/16 19:21:33 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\ImgBurn
[2006/11/02 17:07:25 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\Media Center Programs
[2009/04/11 19:36:11 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\Packard Bell
[2009/05/09 14:45:28 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\Panasonic
[2009/04/05 09:35:47 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\PDFCreator
[2009/04/24 22:04:05 | 00,000,000 | ---D | M] -- C:\Users\Thierry\AppData\Roaming\Ulead Systems
[2009/06/21 19:46:41 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/06/21 19:39:20 | 00,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/06/21 19:10:29 | 00,000,448 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{165C88F0-8C9F-415A-A02E-220BC84F20EB}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 24 bytes -> C:\Windows:076FFFBAB3EB19CB
@Alternate Data Stream - 1282 bytes -> C:\Users\Thierry\Documents\Re_ service de déclaration des revenus en ligne inaccessible  (KMM1109507I).eml:OECustomProperty
< End of report >

Qu'en penses tu maintenant ?
Je te remercie
TITIB

gen-hackman · Answer

salut tu n'as apparement plus d'infections mais beaucoup de choses inutiles ....

c'est deja ca de gagné ;)

Win.trojan-gen (other)

29 réponses

Votre réponse

Discussions similaires

Newsletters