Help, I've caught a virus!!!!

lili500
Hello,

I have recently started using Windows 7 64-bit.
For the past 2 days Internet Explorer has been a bit slow to open.
This morning I was surfing quietly when an error message appeared telling me that I was infected by various viruses and trojans.
A Windows window opened and gave me various download links for software that would supposedly repair the damage. Seeing that it was a Windows window, I trusted it and downloaded the first program, named antispyware. So I downloaded it, it restarted the PC by itself and launched a scan.
The scan result was as follows: 48 files restored, and 9 require a €100 subscription to be restored (a scam, basically), but if I don't accept the subscription and close the window I end up on a black screen and I'm stuck. I tried safe mode but the scan restarts.
What can I do? Thanks in advance for your help.

Discussion summary

The central problem is an infection by viruses and trojans following the appearance of a window from a fake antivirus, partially blocking the system and slowing down Internet Explorer. Recommended solutions include using OTL in administrator mode to generate reports, running a Malwarebytes Anti-Malware scan and using third-party sites to share the reports in order to confirm the infection. In parallel, important documents should be backed up and the system checked with another anti-malware tool, then scans re-run after a reboot to detect any residual components. If the blocking persists, using an antivirus boot disk or a live CD tool may be necessary to clean the system without starting Windows.

Automatically generated by AI
based on the best answers
  1. Malekal_morte (178136 posts; Moderator, Security contributor)

    OK.

    Well then, OTL.
    Still to be transferred... since you can't download.

    * Download http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ to your desktop.
    (On Vista/Win7, right-click OTL and choose Run as administrator)

    * Launch OTL
    * Under Personnalisation, copy and paste what is in the box below:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT

    * Click the Quick Scan button.
    * When the scan is finished, use the site http://www.cijoint.fr/ to give me the two reports: OTL.Txt and Extras.Txt.
    2
  2. Malekal_morte (178136 posts; Moderator, Security contributor)

    Right.

    First, back up your important documents because the PC is well and truly infected, and we're not safe from a crash.

    Then read carefully what is written and follow the procedure calmly so you don't make a blunder.

    Relaunch OTL.
    o Under Personnalisation, copy and paste the contents of the box below and click Correction; a report will appear after the operation, which you should keep, on a USB key for example, so you can paste the result:

    :OTL
    PRC - [2010/10/01 23:01:04 | 000,129,024 | ---- | M] () -- C:\Users\PC DE NATHALIE\AppData\Roaming\SysWin\lsass.exe
    MOD - [2010/10/01 23:11:47 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll0ghrfwhdj9132.dlltsoa932.dllt3tkwj2v132.dll
    MOD - [2010/10/01 23:11:42 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\CertPolEng32.dll1s4ywwwymy232.dll0jlcto2wu32.dllfj9d1ea32.dllpqp3jw1dgl32.dll
    MOD - [2010/10/01 23:10:57 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll0ghrfwhdj9132.dlltsoa932.dll
    MOD - [2010/10/01 23:10:52 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\CertPolEng32.dll1s4ywwwymy232.dll0jlcto2wu32.dllfj9d1ea32.dll
    MOD - [2010/10/01 23:10:08 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll0ghrfwhdj9132.dll
    MOD - [2010/10/01 23:10:03 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\CertPolEng32.dll1s4ywwwymy232.dll0jlcto2wu32.dll
    MOD - [2010/10/01 23:09:18 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll
    MOD - [2010/10/01 23:09:13 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\CertPolEng32.dll1s4ywwwymy232.dll
    MOD - [2010/10/01 23:08:29 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\cmicryptinstall32.dll
    MOD - [2010/10/01 23:08:24 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\CertPolEng32.dll
    MOD - [2010/10/01 23:07:37 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\connect32.dll
    MOD - [2010/10/01 23:07:34 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\comctl3232.dll
    MOD - [2010/10/01 23:06:48 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\d3d10level93232.dll
    MOD - [2010/10/01 23:06:45 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\C_IS202232.dll
    MOD - [2010/10/01 23:05:58 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dciman3232.dll
    MOD - [2010/10/01 23:05:55 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\D3DX9_4232.dll
    MOD - [2010/10/01 23:05:20 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\BOOTVID32.dll
    MOD - [2010/10/01 23:05:06 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\aticalcl32.dll
    MOD - [2010/10/01 23:04:42 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\cryptbase32.dll
    MOD - [2010/10/01 23:04:16 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\azroleui32.dll
    MOD - [2010/10/01 23:04:10 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\d3d10level932.dlljjtrt32.dlll4ll4gzd32.dll6e02oo7rrq81lm732.dllwt8c309q3y4732.dll
    MOD - [2010/10/01 23:03:20 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\d3d10level932.dlljjtrt32.dlll4ll4gzd32.dll6e02oo7rrq81lm732.dll
    MOD - [2010/10/01 23:02:35 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dhcpcore632.dllvkjj3efn532.dlltzbznzf5n5ux32.dll72ro832.dll0vwo9kp58vq0132.dll
    MOD - [2010/10/01 23:02:31 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\d3d10level932.dlljjtrt32.dlll4ll4gzd32.dll
    MOD - [2010/10/01 23:01:43 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dhcpcore632.dllvkjj3efn532.dlltzbznzf5n5ux32.dll72ro832.dll
    MOD - [2010/10/01 23:01:41 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\d3d10level932.dlljjtrt32.dll
    MOD - [2010/10/01 23:00:54 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dhcpcore632.dllvkjj3efn532.dlltzbznzf5n5ux32.dll
    MOD - [2010/10/01 23:00:51 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\d3d10level932.dll
    MOD - [2010/10/01 23:00:01 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dpnlobby32.dllch94uoma32.dllk9gnvmm5qcc32.dll1cqawb4qh8ht32.dllb9ai4ho408r232.dll
    MOD - [2010/10/01 23:00:01 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dhcpcore632.dllvkjj3efn532.dll
    MOD - [2010/10/01 23:00:00 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-032.dll
    MOD - [2010/10/01 22:59:09 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dhcpcore632.dll
    MOD - [2010/10/01 22:59:08 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dpnlobby32.dllch94uoma32.dllk9gnvmm5qcc32.dll1cqawb4qh8ht32.dll
    MOD - [2010/10/01 22:59:07 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dfscli32.dll
    MOD - [2010/10/01 22:58:17 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dpnlobby32.dllch94uoma32.dllk9gnvmm5qcc32.dll
    MOD - [2010/10/01 22:58:17 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dmrc32.dll
    MOD - [2010/10/01 22:58:16 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dmloader32.dll
    MOD - [2010/10/01 22:57:26 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dpnlobby32.dllch94uoma32.dll
    MOD - [2010/10/01 22:57:26 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dpnlobby32.dll
    MOD - [2010/10/01 22:57:23 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dot3ui32.dll
    MOD - [2010/10/01 22:56:35 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dsuiext32.dll
    MOD - [2010/10/01 22:56:32 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\DShowRdpFilter32.dll
    MOD - [2010/10/01 22:56:28 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\drmv2clt32.dll
    MOD - [2010/10/01 22:55:57 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\framedyn32.dll
    MOD - [2010/10/01 22:55:42 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\EBLib32.dll
    MOD - [2010/10/01 22:54:52 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\fdSSDP32.dll
    O2 - BHO: (no name) - {002B74BB-22BF-47B7-8E87-56F9070F60D8} - C:\Windows\SysWOW64\credssp32.dll (Inprise Corporation)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (54d6000e) - {CFB4473F-968D-3762-3E02-DDC7C75640EF} - C:\Windows\SysWOW64\comctl3232.dll (Inprise Corporation)
    O4 - HKLM..\Run: [IP Network] C:\Program Files (x86)\InstallPedia\lnetworker.exe ()
    O4 - HKLM..\Run: [RTHDBPL] C:\Users\PC DE NATHALIE\AppData\Roaming\SysWin\lsass.exe ()
    O20 - AppInit_DLLs: (C:\Windows\system32\fdSSDP32.dll) - C:\Windows\SysWOW64\fdSSDP32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\EBLib32.dll) - C:\Windows\SysWOW64\EBLib32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\framedyn32.dll) - C:\Windows\SysWOW64\framedyn32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\drmv2clt32.dll) - C:\Windows\SysWOW64\drmv2clt32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\DShowRdpFilter32.dll) - C:\Windows\SysWOW64\DShowRdpFilter32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dsuiext32.dll) - C:\Windows\SysWOW64\dsuiext32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dot3ui32.dll) - C:\Windows\SysWOW64\dot3ui32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dpnlobby32.dll) - C:\Windows\SysWOW64\dpnlobby32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dpnlobby32.dllch94uoma32.dll) - C:\Windows\SysWOW64\dpnlobby32.dllch94uoma32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dmloader32.dll) - C:\Windows\SysWOW64\dmloader32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dpnlobby32.dllch94uoma32.dllk9gnvmm5qcc32.dll) - C:\Windows\SysWOW64\dpnlobby32.dllch94uoma32.dllk9gnvmm5qcc32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dmrc32.dll) - C:\Windows\SysWOW64\dmrc32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dfscli32.dll) - C:\Windows\SysWOW64\dfscli32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dpnlobby32.dllch94uoma32.dllk9gnvmm5qcc32.dll1cqawb4qh8ht32.dll) - C:\Windows\SysWOW64\dpnlobby32.dllch94uoma32.dllk9gnvmm5qcc32.dll1cqawb4qh8ht32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dhcpcore632.dll) - C:\Windows\SysWOW64\dhcpcore632.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-032.dll) - C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-032.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dhcpcore632.dllvkjj3efn532.dll) - C:\Windows\SysWOW64\dhcpcore632.dllvkjj3efn532.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dpnlobby32.dllch94uoma32.dllk9gnvmm5qcc32.dll1cqawb4qh8ht32.dllb9ai4ho408r232.dll) - C:\Windows\SysWOW64\dpnlobby32.dllch94uoma32.dllk9gnvmm5qcc32.dll1cqawb4qh8ht32.dllb9ai4ho408r232.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\d3d10level932.dll) - C:\Windows\SysWOW64\d3d10level932.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dhcpcore632.dllvkjj3efn532.dlltzbznzf5n5ux32.dll) - C:\Windows\SysWOW64\dhcpcore632.dllvkjj3efn532.dlltzbznzf5n5ux32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\d3d10level932.dlljjtrt32.dll) - C:\Windows\SysWOW64\d3d10level932.dlljjtrt32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dhcpcore632.dllvkjj3efn532.dlltzbznzf5n5ux32.dll72ro832.dll) - C:\Windows\SysWOW64\dhcpcore632.dllvkjj3efn532.dlltzbznzf5n5ux32.dll72ro832.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\d3d10level932.dlljjtrt32.dlll4ll4gzd32.dll) - C:\Windows\SysWOW64\d3d10level932.dlljjtrt32.dlll4ll4gzd32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dhcpcore632.dllvkjj3efn532.dlltzbznzf5n5ux32.dll72ro832.dll0vwo9kp58vq0132.dll) - C:\Windows\SysWOW64\dhcpcore632.dllvkjj3efn532.dlltzbznzf5n5ux32.dll72ro832.dll0vwo9kp58vq0132.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\d3d10level932.dlljjtrt32.dlll4ll4gzd32.dll6e02oo7rrq81lm732.dll) - C:\Windows\SysWOW64\d3d10level932.dlljjtrt32.dlll4ll4gzd32.dll6e02oo7rrq81lm732.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\d3d10level932.dlljjtrt32.dlll4ll4gzd32.dll6e02oo7rrq81lm732.dllwt8c309q3y4732.dll) - C:\Windows\SysWOW64\d3d10level932.dlljjtrt32.dlll4ll4gzd32.dll6e02oo7rrq81lm732.dllwt8c309q3y4732.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\azroleui32.dll) - C:\Windows\SysWOW64\azroleui32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\cryptbase32.dll) - C:\Windows\SysWOW64\cryptbase32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\aticalcl32.dll) - C:\Windows\SysWOW64\aticalcl32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\BOOTVID32.dll) - C:\Windows\SysWOW64\BOOTVID32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\D3DX9_4232.dll) - C:\Windows\SysWOW64\D3DX9_4232.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dciman3232.dll) - C:\Windows\SysWOW64\dciman3232.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\C_IS202232.dll) - C:\Windows\SysWOW64\C_IS202232.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\d3d10level93232.dll) - C:\Windows\SysWOW64\d3d10level93232.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\comctl3232.dll) - C:\Windows\SysWOW64\comctl3232.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\connect32.dll) - C:\Windows\SysWOW64\connect32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\CertPolEng32.dll) - C:\Windows\SysWOW64\CertPolEng32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\cmicryptinstall32.dll) - C:\Windows\SysWOW64\cmicryptinstall32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\CertPolEng32.dll1s4ywwwymy232.dll) - C:\Windows\SysWOW64\CertPolEng32.dll1s4ywwwymy232.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll) - C:\Windows\SysWOW64\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\CertPolEng32.dll1s4ywwwymy232.dll0jlcto2wu32.dll) - C:\Windows\SysWOW64\CertPolEng32.dll1s4ywwwymy232.dll0jlcto2wu32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll0ghrfwhdj9132.dll) - C:\Windows\SysWOW64\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll0ghrfwhdj9132.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\CertPolEng32.dll1s4ywwwymy232.dll0jlcto2wu32.dllfj9d1ea32.dll) - C:\Windows\SysWOW64\CertPolEng32.dll1s4ywwwymy232.dll0jlcto2wu32.dllfj9d1ea32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll0ghrfwhdj9132.dlltsoa932.dll) - C:\Windows\SysWOW64\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll0ghrfwhdj9132.dlltsoa932.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\CertPolEng32.dll1s4ywwwymy232.dll0jlcto2wu32.dllfj9d1ea32.dllpqp3jw1dgl32.dll) - C:\Windows\SysWOW64\CertPolEng32.dll1s4ywwwymy232.dll0jlcto2wu32.dllfj9d1ea32.dllpqp3jw1dgl32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll0ghrfwhdj9132.dlltsoa932.dllt3tkwj2v132.dll) - C:\Windows\SysWOW64\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll0ghrfwhdj9132.dlltsoa932.dllt3tkwj2v132.dll (Inprise Corporation)
    [2010/10/05 10:49:48 | 000,000,201 | ---- | M] () -- C:\Users\PC DE NATHALIE\AppData\Roaming\srsf.bat
    [2010/10/05 10:49:28 | 000,650,240 | ---- | M] () -- C:\Users\PC DE NATHALIE\AppData\Roaming\hotfix.exe
    [2010/10/01 11:50:56 | 000,099,384 | ---- | M] () -- C:\Users\PC DE NATHALIE\AppData\Roaming\inst.exe
    [2010/10/01 23:01:07 | 000,000,000 | -HSD | M] -- C:\Users\PC DE NATHALIE\AppData\Roaming\SysWin


    * Restart the PC into Windows and post the report here

    Run a Malwarebytes scan: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    Save the report and post it here.

    Run an OTL scan again like the first time: https://forums.commentcamarche.net/forum/affich-19390403-a-l-aide-j-ai-attrape-un-virus#7
    Upload to cijoint and give the links.

    Men gather all the mistakes of their lives and create a monster they call destiny.
    1
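As an added example (not part of the original thread and not OTL's own code), the Python sketch below triages OTL-style report lines for the patterns visible in the fix script of the post above: DLLs registered under AppInit_DLLs, file names with a chained `.dll` extension, a system process name running from a user profile, and groups of same-size modules. The regular expressions, flag names and the `triage` function are assumptions based on the line layout shown on this page; the sample lines are copied from that post, plus one constructed benign line.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from collections import defaultdict

# Line layouts inferred from the report lines on this page (an assumption,
# not a published OTL specification).
FILE_RE = re.compile(
    r"^(PRC|MOD) - \[[^|]+\| ([\d,]+) \|[^|]*\| \w\] \(([^)]*)\) -- (.+)$")
RUN_RE = re.compile(r"^O4 - \S+\\Run: \[[^\]]*\] (.+?) \([^)]*\)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \(.+?\) - (.+?) \([^)]*\)$")

SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
                "services.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
USER_WRITABLE = ("\\appdata\\", "\\application data\\", "\\temp\\")


def name_flags(path):
    """Flags derived from the file name and folder alone."""
    flags = set()
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    # e.g. CertPolEng32.dll1s4ywwwymy232.dll: an extension inside the name
    if re.search(r"\.(dll|exe).+\.(dll|exe)$", name):
        flags.add("chained-extension")
    # a Windows process name that does not live in a system directory
    if name in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
        flags.add("system-name-outside-system-dir")
    return flags


def triage(lines, cluster_min=3):
    """Return {path: sorted flags} for every path with at least one flag."""
    findings = defaultdict(set)
    clusters = defaultdict(set)  # (folder, size, company) -> module paths
    for line in lines:
        line = line.strip()
        if m := FILE_RE.match(line):
            kind, size, company, path = m.groups()
            findings[path] |= name_flags(path)
            if kind == "MOD":
                key = (ntpath.dirname(path).lower(), size, company)
                clusters[key].add(path)
        elif m := RUN_RE.match(line):
            path = m.group(1)
            findings[path] |= name_flags(path)
            if any(d in path.lower() for d in USER_WRITABLE):
                findings[path].add("autorun-from-user-profile")
        elif m := APPINIT_RE.match(line):
            # DLLs listed in AppInit_DLLs are loaded into every process
            # that loads user32.dll, so each entry deserves a review.
            findings[m.group(1)].add("appinit-dll")
    # Many modules with the same byte size, vendor string and folder
    # suggest copies of one file dropped under different names.
    for paths in clusters.values():
        if len(paths) >= cluster_min:
            for p in paths:
                findings[p].add("same-size-cluster")
    return {p: sorted(f) for p, f in findings.items() if f}


SAMPLE = [
    # Copied from the fix script in the post above
    r"PRC - [2010/10/01 23:01:04 | 000,129,024 | ---- | M] () -- C:\Users\PC DE NATHALIE\AppData\Roaming\SysWin\lsass.exe",
    r"MOD - [2010/10/01 23:09:13 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\CertPolEng32.dll1s4ywwwymy232.dll",
    r"MOD - [2010/10/01 23:08:24 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\CertPolEng32.dll",
    r"MOD - [2010/10/01 23:07:37 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\connect32.dll",
    r"O4 - HKLM..\Run: [RTHDBPL] C:\Users\PC DE NATHALIE\AppData\Roaming\SysWin\lsass.exe ()",
    r"O20 - AppInit_DLLs: (C:\Windows\system32\connect32.dll) - C:\Windows\SysWOW64\connect32.dll (Inprise Corporation)",
    # Constructed benign line (not from the thread)
    r"MOD - [2009/07/14 03:16:12 | 000,145,408 | ---- | M] (Example Vendor) -- C:\Program Files\Example\example.dll",
]

if __name__ == "__main__":
    for path, flags in triage(SAMPLE).items():
        print(f"{', '.join(flags):55} {path}")
```

The flags are triage hints for deciding which report lines to look at first, not verdicts; a legitimate AppInit_DLLs entry, for instance, is flagged as well.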
  3. Malekal_morte (178136 posts; Moderator, Security contributor)

    Hi,

    What is the name of the fake antispyware?

    Disable your protection software (antivirus, antispyware), then:

    Download ComboFix by sUBs: combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it to your desktop and nowhere else!

    Double-click combofix, accept the licence agreement and let it guide you.

    Optionally, install the Recovery Console as advised.

    Wait until ComboFix has finished; a report will be created. Post the report.

    There is a tutorial at this link to help you: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    PS: if ComboFix won't launch, rename the ComboFix file and try again.

    If that doesn't help, try in safe mode without networking: restart in safe mode; to do so, restart the computer and, before the Windows logo, tap the F8 key; a menu will appear, choose Safe Mode and press the Enter key on the keyboard.

    0
    1. lili500
       
      Thanks for your reply.

      I have McAfee as my antivirus, but it's not the one that detected the viruses. Also, I don't have access to the desktop, so I can't disable antispyware. I wanted to uninstall it but it isn't in the list of applications.
      I don't have internet access on the laptop (I'm connecting from my desktop PC) and it's the one that is infected. Also, Internet Explorer 8 has disappeared, so my question is: how do I get access to a search engine with only access to the desktop, without Internet Explorer?
      0
    2. lili500
       
      The software is called antispysafeguard
      0
    3. Malekal_morte (178136 posts; Moderator, Security contributor)

      Your infection is of the rogue type: https://forum.malekal.com/viewtopic.php?t=589&start=
      It's a fake antispyware that displays fake alerts; I would like the name of this fake antispyware.

      Download ComboFix on the desktop PC, transfer ComboFix to your laptop by USB key and try to launch it. If the fake antispyware blocks ComboFix,
      try running ComboFix in safe mode as indicated at the end of the procedure.
      0
    4. lili500
       
      OK, I download it, put it on an external hard drive, connect my external hard drive to my laptop, transfer it and follow the procedure. Is that right?
      So as for the name, it's antispysafeguard, there you go.
      0
    5. lili500
       
      I did it, but it's a version that isn't compatible with Seven. Another link maybe?
      0
  4. lili500
     
    Well, as if by magic everything is back to normal. Do you think I should still do the procedure? The virus hasn't disappeared on its own?
    0
  6. lili500
     
    I'm doing it anyway, but I didn't need to right-click OTL and use administrator. I copied and pasted and clicked on scan. The scan is in progress, see you in a bit.
    0
  7. Malekal_morte (178136 posts; Moderator, Security contributor)

    I can't answer since I don't have a report.
    Maybe you just switched sessions and the infection isn't active on this one.

    Do OTL.
    0
  8. lili500
     
    Here it is for OTL, because I didn't manage with the software you recommend

    OTL logfile created on: 05/10/2010 13:17:03 - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\PC DE NATHALIE\Documents\Downloads\Programs
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
    8,00 Gb Paging File | 5,00 Gb Available in Paging File | 63,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297,85 Gb Total Space | 244,31 Gb Free Space | 82,03% Space Free | Partition Type: NTFS
    Drive D: | 297,93 Gb Total Space | 289,12 Gb Free Space | 97,04% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 465,70 Gb Total Space | 409,37 Gb Free Space | 87,90% Space Free | Partition Type: FAT32
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PCDENATHALIE
    Current User Name: PC DE NATHALIE
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    [color=#E56717]========== Processes (SafeList) ==========/color

    PRC - [2010/10/05 13:15:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\PC DE NATHALIE\Documents\Downloads\Programs\OTL.exe
    PRC - [2010/10/01 23:01:04 | 000,129,024 | ---- | M] () -- C:\Users\PC DE NATHALIE\AppData\Roaming\SysWin\lsass.exe
    PRC - [2010/10/01 10:18:33 | 001,812,992 | ---- | M] (DreamStudio) -- D:\DreamMail4\DM2005.exe
    PRC - [2010/09/22 16:30:16 | 002,391,718 | ---- | M] () -- C:\Program Files (x86)\Search Advisor\adgui.exe
    PRC - [2010/09/18 18:31:06 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
    PRC - [2010/07/21 14:59:48 | 001,962,840 | ---- | M] (Secure Digital Services Limited) -- C:\Program Files (x86)\OfferBox\OfferBox.exe
    PRC - [2010/05/26 15:03:07 | 003,220,912 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    PRC - [2010/03/26 10:52:24 | 001,234,216 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2009/10/28 11:15:10 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2009/10/02 14:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/08/19 09:53:32 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    PRC - [2009/08/19 09:53:30 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2009/08/12 12:30:42 | 006,203,296 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    PRC - [2009/07/28 20:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2009/01/23 11:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2009/01/13 21:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

    [color=#E56717]========== Modules (SafeList) ==========/color

    MOD - [2010/10/05 13:15:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\PC DE NATHALIE\Documents\Downloads\Programs\OTL.exe
    MOD - [2010/10/01 23:11:47 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll0ghrfwhdj9132.dlltsoa932.dllt3tkwj2v132.dll
    MOD - [2010/10/01 23:11:42 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\CertPolEng32.dll1s4ywwwymy232.dll0jlcto2wu32.dllfj9d1ea32.dllpqp3jw1dgl32.dll
    MOD - [2010/10/01 23:10:57 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll0ghrfwhdj9132.dlltsoa932.dll
    MOD - [2010/10/01 23:10:52 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\CertPolEng32.dll1s4ywwwymy232.dll0jlcto2wu32.dllfj9d1ea32.dll
    MOD - [2010/10/01 23:10:08 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll0ghrfwhdj9132.dll
    MOD - [2010/10/01 23:10:03 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\CertPolEng32.dll1s4ywwwymy232.dll0jlcto2wu32.dll
    MOD - [2010/10/01 23:09:18 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll
    MOD - [2010/10/01 23:09:13 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\CertPolEng32.dll1s4ywwwymy232.dll
    MOD - [2010/10/01 23:08:29 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\cmicryptinstall32.dll
    MOD - [2010/10/01 23:08:24 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\CertPolEng32.dll
    MOD - [2010/10/01 23:07:37 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\connect32.dll
    MOD - [2010/10/01 23:07:34 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\comctl3232.dll
    MOD - [2010/10/01 23:06:48 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\d3d10level93232.dll
    MOD - [2010/10/01 23:06:45 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\C_IS202232.dll
    MOD - [2010/10/01 23:05:58 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dciman3232.dll
    MOD - [2010/10/01 23:05:55 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\D3DX9_4232.dll
    MOD - [2010/10/01 23:05:20 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\BOOTVID32.dll
    MOD - [2010/10/01 23:05:06 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\aticalcl32.dll
    MOD - [2010/10/01 23:04:42 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\cryptbase32.dll
    MOD - [2010/10/01 23:04:16 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\azroleui32.dll
    MOD - [2010/10/01 23:04:10 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\d3d10level932.dlljjtrt32.dlll4ll4gzd32.dll6e02oo7rrq81lm732.dllwt8c309q3y4732.dll
    MOD - [2010/10/01 23:03:20 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\d3d10level932.dlljjtrt32.dlll4ll4gzd32.dll6e02oo7rrq81lm732.dll
    MOD - [2010/10/01 23:02:35 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dhcpcore632.dllvkjj3efn532.dlltzbznzf5n5ux32.dll72ro832.dll0vwo9kp58vq0132.dll
    MOD - [2010/10/01 23:02:31 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\d3d10level932.dlljjtrt32.dlll4ll4gzd32.dll
    MOD - [2010/10/01 23:01:43 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dhcpcore632.dllvkjj3efn532.dlltzbznzf5n5ux32.dll72ro832.dll
    MOD - [2010/10/01 23:01:41 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\d3d10level932.dlljjtrt32.dll
    MOD - [2010/10/01 23:00:54 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dhcpcore632.dllvkjj3efn532.dlltzbznzf5n5ux32.dll
    MOD - [2010/10/01 23:00:51 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\d3d10level932.dll
    MOD - [2010/10/01 23:00:01 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dpnlobby32.dllch94uoma32.dllk9gnvmm5qcc32.dll1cqawb4qh8ht32.dllb9ai4ho408r232.dll
    MOD - [2010/10/01 23:00:01 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dhcpcore632.dllvkjj3efn532.dll
    MOD - [2010/10/01 23:00:00 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-032.dll
    MOD - [2010/10/01 22:59:09 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dhcpcore632.dll
    MOD - [2010/10/01 22:59:08 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dpnlobby32.dllch94uoma32.dllk9gnvmm5qcc32.dll1cqawb4qh8ht32.dll
    MOD - [2010/10/01 22:59:07 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dfscli32.dll
    MOD - [2010/10/01 22:58:17 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dpnlobby32.dllch94uoma32.dllk9gnvmm5qcc32.dll
    MOD - [2010/10/01 22:58:17 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dmrc32.dll
    MOD - [2010/10/01 22:58:16 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dmloader32.dll
    MOD - [2010/10/01 22:57:26 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dpnlobby32.dllch94uoma32.dll
    MOD - [2010/10/01 22:57:26 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dpnlobby32.dll
    MOD - [2010/10/01 22:57:23 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dot3ui32.dll
    MOD - [2010/10/01 22:56:35 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\dsuiext32.dll
    MOD - [2010/10/01 22:56:32 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\DShowRdpFilter32.dll
    MOD - [2010/10/01 22:56:28 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\drmv2clt32.dll
    MOD - [2010/10/01 22:55:57 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\framedyn32.dll
    MOD - [2010/10/01 22:55:42 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\EBLib32.dll
    MOD - [2010/10/01 22:54:52 | 000,211,968 | ---- | M] (Inprise Corporation) -- C:\Windows\SysWOW64\fdSSDP32.dll
    MOD - [2009/07/14 03:16:12 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\powrprof.dll
    MOD - [2009/07/14 03:15:13 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dsound.dll
    MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
    MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
    MOD - [2009/01/23 11:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll

    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/08/24 14:57:38 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV:64bit: - [2010/08/24 14:57:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV:64bit: - [2010/08/24 14:57:38 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2010/04/15 09:45:10 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2009/11/10 13:54:54 | 000,824,688 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV:64bit: - [2009/11/05 22:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2009/11/05 10:19:12 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2009/09/28 14:46:02 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2009/09/08 23:56:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2010/07/28 23:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/03/18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/10/27 20:12:14 | 000,252,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
    SRV - [2009/10/15 17:49:56 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
    SRV - [2009/10/06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/03/10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2009/01/23 11:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/08/24 14:57:38 | 000,529,000 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2010/08/24 14:57:38 | 000,441,072 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2010/08/24 14:57:38 | 000,283,232 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2010/08/24 14:57:38 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2010/08/24 14:57:38 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2010/08/24 14:57:38 | 000,094,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
    DRV:64bit: - [2010/08/24 14:57:38 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
    DRV:64bit: - [2010/08/24 14:57:38 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2009/11/05 23:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/10/26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/10/15 20:11:26 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/10/02 13:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/10/02 13:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
    DRV:64bit: - [2009/09/22 17:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/09/09 00:31:52 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
    DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/24 15:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
    DRV:64bit: - [2009/06/10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/20 18:04:56 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV - [2009/09/22 17:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com/webhp?gws_rd=ssl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BB 74 2B 00 BF 22 B7 47 8E 87 56 F9 07 0F 60 D8 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/09/18 18:03:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\offerboxffx@offerbox.com: C:\Program Files (x86)\OfferBox\offerboxffx@offerbox.com [2010/09/21 22:22:30 | 000,000,000 | ---D | M]

    [2010/09/21 21:58:49 | 000,000,000 | ---D | M] -- C:\Users\PC DE NATHALIE\AppData\Roaming\mozilla\Extensions
    [2010/09/21 21:58:49 | 000,000,000 | ---D | M] -- C:\Users\PC DE NATHALIE\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL ()
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100930153137.dll (McAfee, Inc.)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
    O2 - BHO: (no name) - {002B74BB-22BF-47B7-8E87-56F9070F60D8} - C:\Windows\SysWOW64\credssp32.dll (Inprise Corporation)
    O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll ()
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100930153137.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
    O2 - BHO: (54d6000e) - {CFB4473F-968D-3762-3E02-DDC7C75640EF} - C:\Windows\SysWOW64\comctl3232.dll (Inprise Corporation)
    O2 - BHO: (OfferBox) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files (x86)\OfferBox\OfferBoxBHO.dll (Secure Digital Services Limited)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
    O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
    O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
    O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [IP Network] C:\Program Files (x86)\InstallPedia\lnetworker.exe ()
    O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
    O4 - HKLM..\Run: [RTHDBPL] C:\Users\PC DE NATHALIE\AppData\Roaming\SysWin\lsass.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
    O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
    O4 - HKCU..\Run: [Search Advisor] C:\Program Files (x86)\Search Advisor\adgui.exe ()
    O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
    O4 - Startup: C:\Users\PC DE NATHALIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DreamMail.lnk = D:\DreamMail4\DM2005.exe (DreamStudio)
    O4 - Startup: C:\Users\PC DE NATHALIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O4 - Startup: C:\Users\PC DE NATHALIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Users\PC DE NATHALIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O8:64bit: - Extra context menu item: Télécharger avec IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O8:64bit: - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
    O8:64bit: - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
    O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\fdSSDP32.dll) - C:\Windows\SysWOW64\fdSSDP32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\EBLib32.dll) - C:\Windows\SysWOW64\EBLib32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\framedyn32.dll) - C:\Windows\SysWOW64\framedyn32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\drmv2clt32.dll) - C:\Windows\SysWOW64\drmv2clt32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\DShowRdpFilter32.dll) - C:\Windows\SysWOW64\DShowRdpFilter32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dsuiext32.dll) - C:\Windows\SysWOW64\dsuiext32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dot3ui32.dll) - C:\Windows\SysWOW64\dot3ui32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dpnlobby32.dll) - C:\Windows\SysWOW64\dpnlobby32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dpnlobby32.dllch94uoma32.dll) - C:\Windows\SysWOW64\dpnlobby32.dllch94uoma32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dmloader32.dll) - C:\Windows\SysWOW64\dmloader32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dpnlobby32.dllch94uoma32.dllk9gnvmm5qcc32.dll) - C:\Windows\SysWOW64\dpnlobby32.dllch94uoma32.dllk9gnvmm5qcc32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dmrc32.dll) - C:\Windows\SysWOW64\dmrc32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dfscli32.dll) - C:\Windows\SysWOW64\dfscli32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dpnlobby32.dllch94uoma32.dllk9gnvmm5qcc32.dll1cqawb4qh8ht32.dll) - C:\Windows\SysWOW64\dpnlobby32.dllch94uoma32.dllk9gnvmm5qcc32.dll1cqawb4qh8ht32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dhcpcore632.dll) - C:\Windows\SysWOW64\dhcpcore632.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-032.dll) - C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-032.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dhcpcore632.dllvkjj3efn532.dll) - C:\Windows\SysWOW64\dhcpcore632.dllvkjj3efn532.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dpnlobby32.dllch94uoma32.dllk9gnvmm5qcc32.dll1cqawb4qh8ht32.dllb9ai4ho408r232.dll) - C:\Windows\SysWOW64\dpnlobby32.dllch94uoma32.dllk9gnvmm5qcc32.dll1cqawb4qh8ht32.dllb9ai4ho408r232.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\d3d10level932.dll) - C:\Windows\SysWOW64\d3d10level932.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dhcpcore632.dllvkjj3efn532.dlltzbznzf5n5ux32.dll) - C:\Windows\SysWOW64\dhcpcore632.dllvkjj3efn532.dlltzbznzf5n5ux32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\d3d10level932.dlljjtrt32.dll) - C:\Windows\SysWOW64\d3d10level932.dlljjtrt32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dhcpcore632.dllvkjj3efn532.dlltzbznzf5n5ux32.dll72ro832.dll) - C:\Windows\SysWOW64\dhcpcore632.dllvkjj3efn532.dlltzbznzf5n5ux32.dll72ro832.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\d3d10level932.dlljjtrt32.dlll4ll4gzd32.dll) - C:\Windows\SysWOW64\d3d10level932.dlljjtrt32.dlll4ll4gzd32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dhcpcore632.dllvkjj3efn532.dlltzbznzf5n5ux32.dll72ro832.dll0vwo9kp58vq0132.dll) - C:\Windows\SysWOW64\dhcpcore632.dllvkjj3efn532.dlltzbznzf5n5ux32.dll72ro832.dll0vwo9kp58vq0132.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\d3d10level932.dlljjtrt32.dlll4ll4gzd32.dll6e02oo7rrq81lm732.dll) - C:\Windows\SysWOW64\d3d10level932.dlljjtrt32.dlll4ll4gzd32.dll6e02oo7rrq81lm732.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\d3d10level932.dlljjtrt32.dlll4ll4gzd32.dll6e02oo7rrq81lm732.dllwt8c309q3y4732.dll) - C:\Windows\SysWOW64\d3d10level932.dlljjtrt32.dlll4ll4gzd32.dll6e02oo7rrq81lm732.dllwt8c309q3y4732.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\azroleui32.dll) - C:\Windows\SysWOW64\azroleui32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\cryptbase32.dll) - C:\Windows\SysWOW64\cryptbase32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\aticalcl32.dll) - C:\Windows\SysWOW64\aticalcl32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\BOOTVID32.dll) - C:\Windows\SysWOW64\BOOTVID32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\D3DX9_4232.dll) - C:\Windows\SysWOW64\D3DX9_4232.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\dciman3232.dll) - C:\Windows\SysWOW64\dciman3232.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\C_IS202232.dll) - C:\Windows\SysWOW64\C_IS202232.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\d3d10level93232.dll) - C:\Windows\SysWOW64\d3d10level93232.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\comctl3232.dll) - C:\Windows\SysWOW64\comctl3232.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\connect32.dll) - C:\Windows\SysWOW64\connect32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\CertPolEng32.dll) - C:\Windows\SysWOW64\CertPolEng32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\cmicryptinstall32.dll) - C:\Windows\SysWOW64\cmicryptinstall32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\CertPolEng32.dll1s4ywwwymy232.dll) - C:\Windows\SysWOW64\CertPolEng32.dll1s4ywwwymy232.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll) - C:\Windows\SysWOW64\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\CertPolEng32.dll1s4ywwwymy232.dll0jlcto2wu32.dll) - C:\Windows\SysWOW64\CertPolEng32.dll1s4ywwwymy232.dll0jlcto2wu32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll0ghrfwhdj9132.dll) - C:\Windows\SysWOW64\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll0ghrfwhdj9132.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\CertPolEng32.dll1s4ywwwymy232.dll0jlcto2wu32.dllfj9d1ea32.dll) - C:\Windows\SysWOW64\CertPolEng32.dll1s4ywwwymy232.dll0jlcto2wu32.dllfj9d1ea32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll0ghrfwhdj9132.dlltsoa932.dll) - C:\Windows\SysWOW64\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll0ghrfwhdj9132.dlltsoa932.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\CertPolEng32.dll1s4ywwwymy232.dll0jlcto2wu32.dllfj9d1ea32.dllpqp3jw1dgl32.dll) - C:\Windows\SysWOW64\CertPolEng32.dll1s4ywwwymy232.dll0jlcto2wu32.dllfj9d1ea32.dllpqp3jw1dgl32.dll (Inprise Corporation)
    O20 - AppInit_DLLs: (C:\Windows\system32\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll0ghrfwhdj9132.dlltsoa932.dllt3tkwj2v132.dll) - C:\Windows\SysWOW64\cmicryptinstall32.dlllnjprf0gy4a9gx32.dll0ghrfwhdj9132.dlltsoa932.dllt3tkwj2v132.dll (Inprise Corporation)
    O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
    O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
    O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    SafeBootMin:[b]64bit:[/b] AppMgmt - Service
    SafeBootMin:[b]64bit:[/b] Base - Driver Group
    SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
    SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
    SafeBootMin:[b]64bit:[/b] File system - Driver Group
    SafeBootMin:[b]64bit:[/b] Filter - Driver Group
    SafeBootMin:[b]64bit:[/b] HelpSvc - Service
    SafeBootMin:[b]64bit:[/b] mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SafeBootMin:[b]64bit:[/b] MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
    SafeBootMin:[b]64bit:[/b] PEVSystemStart - Service
    SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
    SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
    SafeBootMin:[b]64bit:[/b] procexp90.Sys - Driver
    SafeBootMin:[b]64bit:[/b] sacsvr - Service
    SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
    SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
    SafeBootMin:[b]64bit:[/b] vmms - Service
    SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
    SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootMin: AppMgmt - Service
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PEVSystemStart - Service
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: procexp90.Sys - Driver
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    SafeBootNet:[b]64bit:[/b] AppMgmt - Service
    SafeBootNet:[b]64bit:[/b] Base - Driver Group
    SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
    SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
    SafeBootNet:[b]64bit:[/b] File system - Driver Group
    SafeBootNet:[b]64bit:[/b] Filter - Driver Group
    SafeBootNet:[b]64bit:[/b] HelpSvc - Service
    SafeBootNet:[b]64bit:[/b] McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SafeBootNet:[b]64bit:[/b] mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SafeBootNet:[b]64bit:[/b] MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SafeBootNet:[b]64bit:[/b] Messenger - Service
    SafeBootNet:[b]64bit:[/b] mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    SafeBootNet:[b]64bit:[/b] mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
    SafeBootNet:[b]64bit:[/b] mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
    SafeBootNet:[b]64bit:[/b] mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
    SafeBootNet:[b]64bit:[/b] mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
    SafeBootNet:[b]64bit:[/b] mfevtp - C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
    SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
    SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
    SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
    SafeBootNet:[b]64bit:[/b] Network - Driver Group
    SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
    SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
    SafeBootNet:[b]64bit:[/b] PEVSystemStart - Service
    SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
    SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
    SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
    SafeBootNet:[b]64bit:[/b] procexp90.Sys - Driver
    SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
    SafeBootNet:[b]64bit:[/b] sacsvr - Service
    SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
    SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
    SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
    SafeBootNet:[b]64bit:[/b] TDI - Driver Group
    SafeBootNet:[b]64bit:[/b] vmms - Service
    SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
    SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
    SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootNet: AppMgmt - Service
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PEVSystemStart - Service
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: procexp90.Sys - Driver
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vmms - Service
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX:[b]64bit:[/b] >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX:[b]64bit:[/b] >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
    ActiveX:[b]64bit:[/b] >{FE399E78-3452-4968-880D-2F8D8EDCC25F} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-44455354
    0
  9. lili500
     
    And here is the other one. Do you think I'm out of the woods?
    OTL Extras logfile created on: 05/10/2010 13:17:03 - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\PC DE NATHALIE\Documents\Downloads\Programs
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
    8,00 Gb Paging File | 5,00 Gb Available in Paging File | 63,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297,85 Gb Total Space | 244,31 Gb Free Space | 82,03% Space Free | Partition Type: NTFS
    Drive D: | 297,93 Gb Total Space | 289,12 Gb Free Space | 97,04% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 465,70 Gb Total Space | 409,37 Gb Free Space | 87,90% Space Free | Partition Type: FAT32
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PCDENATHALIE
    Current User Name: PC DE NATHALIE
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    [color=#E56717]========== Extra Registry (SafeList) ==========[/color]

    [color=#E56717]========== File Associations ==========[/color]

    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .cmd [@ = cmdfile] -- Reg Error: Key error. File not found
    .com [@ = comfile] -- Reg Error: Key error. File not found
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .pif [@ = piffile] -- Reg Error: Key error. File not found
    .vbs [@ = VBSFile] -- Reg Error: Key error. File not found

    [color=#E56717]========== Shell Spawning ==========[/color]

    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [color=#E56717]========== Security Center Settings ==========[/color]

    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    [color=#E56717]========== System Restore Settings ==========[/color]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [color=#E56717]========== Firewall Settings ==========[/color]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [color=#E56717]========== Authorized Applications List ==========[/color]

    [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
    "{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{A39AE3AE-9808-39D2-AB7B-FF5F0335095E}" = Microsoft .NET Framework 4 Extended FRA Language Pack
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C260A1C3-EB49-F99A-38BA-B59C020D4609}" = ATI Catalyst Install Manager
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{E27CF425-D27B-6ED6-D281-D8B26A404E67}" = ccc-utility64
    "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft .NET Framework 4 Extended FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Extended FRA
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00763F56-1FE5-DA9F-A43E-53F5D46D6E7E}" = CCC Help Dutch
    "{02F2BA99-3AFA-F0E6-969B-E6443A469967}" = Catalyst Control Center InstallProxy
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{084144E0-8719-9E07-49F9-D728A7533B32}" = CCC Help Russian
    "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
    "{0CB58D13-A9CB-7599-DE28-D17205A3D381}" = Catalyst Control Center Graphics Previews Common
    "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
    "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "{14555947-6F14-421F-8F61-6489E0FDFAE5}" = Toshiba TEMPRO
    "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
    "{17342E3B-0818-4A6F-BFF8-99476605ADD6}" = livebox
    "{1901B979-96F2-3330-D875-4803F233CF47}" = CCC Help Finnish
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
    "{1C84AB70-7851-D03E-14B0-2CE969DD6CBA}" = Photo Service - powered by myphotobook
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
    "{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
    "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
    "{2404C7F8-65CC-9408-F08E-73996B998A7D}" = Catalyst Control Center Graphics Light
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
    "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
    "{290CD70B-6E45-7381-CDC4-45E582F49C60}" = Catalyst Control Center Graphics Previews Vista
    "{2FFDADDF-5107-5CB7-1E9C-66E881680F25}" = CCC Help Turkish
    "{320F5494-8DB9-10CD-6122-05299B9A4DAD}" = Catalyst Control Center Graphics Full New
    "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{39987616-5DF2-CDFA-761C-75E66743CE80}" = CCC Help Portuguese
    "{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3BCF8458-04BA-EBB7-3EDD-BFD188230DBE}" = CCC Help Czech
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{45D6FC55-A7CA-1EEA-C038-70998C3D190A}" = CCC Help Spanish
    "{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
    "{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
    "{46D0CFB0-D3F7-6D32-8FBF-2F848F7ECA79}" = CCC Help Italian
    "{4D76C6A4-A8AC-B6FF-C334-E6CBB7471C44}" = Catalyst Control Center Core Implementation
    "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "{53173451-0DDE-97E9-B6FE-1D068DBF2AF8}" = CCC Help Chinese Standard
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
    "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
    "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
    "{67753C59-3BB3-7CBB-7B10-F47CE982082F}" = CCC Help German
    "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
    "{6ABF4A27-C269-88EB-1CA8-5A1D78A2FF08}" = ccc-core-static
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{723166B3-1B80-4F9F-8D59-312A89633E0A}_is1" = Search Advisor
    "{729166B3-1B80-4F9F-8D59-312A89633E0A}_is1" = Quick Web Player
    "{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
    "{767F1CF5-6140-BCF3-549E-69B273099EC9}" = CCC Help Polish
    "{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
    "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
    "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{7C4F9145-AEDA-55D4-3F5F-BCA89EA300E2}" = CCC Help Swedish
    "{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D3D00A7-F448-D3A3-BC79-CD603AEBC2F5}" = CCC Help Danish
    "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
    "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
    "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
    "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
    "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
    "{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
    "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9817543D-592D-CDA9-B8E5-E7BB8DA63F45}" = CCC Help Chinese Traditional
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9DA30596-3A38-06B3-5EA2-8AF4B4FE27F2}" = CCC Help Hungarian
    "{A0A61E1A-47BA-DD0F-8B31-2BA14B059258}" = CCC Help Japanese
    "{A2690E7C-D909-4AE6-7C84-F1AC267A9020}" = Catalyst Control Center Graphics Full Existing
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A35391E7-4D75-FD08-CBE4-0A9DFB944294}" = CCC Help Korean
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1036-7B44-A92000000001}" = Adobe Reader 9.2 - Français
    "{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
    "{B2E581DB-C4DD-432C-AC84-ED761AC056BC}" = OpenOffice.org 3.1
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B5ACFC20-FA4B-3448-431E-D0107C55E435}" = CCC Help English
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
    "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
    "{D05CD952-F58E-D2AC-D6EA-4178331A356C}" = CCC Help Thai
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D408ADFE-DC5B-CA9A-4131-E4D870B07354}" = CCC Help Norwegian
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
    "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
    "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
    "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
    "{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E8B28B89-FF29-9092-19BC-B2B6779FFA9F}" = Catalyst Control Center Localization All
    "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
    "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
    "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{F7776077-24D8-A51B-1580-46BB742EE0BC}" = CCC Help Greek
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F92DCCC1-0371-916E-78A3-BF9788D39152}" = CCC Help French
    "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "DreamMail 4.6" = DreamMail 4.6
    "eMule" = eMule
    "eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
    "Free DVD Video Burner_is1" = Free DVD Video Burner version 2.4
    "Freemake Video Converter_is1" = Freemake Video Converter version 1.1.11
    "FrostWire" = FrostWire 4.18.4
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Mot de passe responsable
    "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
    "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
    "InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "Internet Download Manager" = Internet Download Manager
    "LimeWire" = LimeWire 5.5.14
    "MSC" = McAfee Internet Security
    "OfferBox" = OfferBox
    "PhotoMail" = PhotoMail Maker
    "Uninstall_is1" = Uninstall 1.0.0.1
    "VLC media player" = VLC media player 1.0.5
    "WildTangent toshiba Master Uninstall" = Jeux WildTangent
    "WinLiveSuite_Wave3" = Installation Windows Live
    "WinX Video Converter_is1" = WinX Video Converter 4.5.4

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 18/09/2010 09:25:33 | Computer Name = PCDENATHALIE | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Échec de l'extraction de la liste racine tierce depuis le fichier
    CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
    la vérification par rapport à l'horloge système en cours ou le tampon daté dans
    le fichier signé. .

    Error - 18/09/2010 09:25:33 | Computer Name = PCDENATHALIE | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Échec de l'extraction de la liste racine tierce depuis le fichier
    CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
    la vérification par rapport à l'horloge système en cours ou le tampon daté dans
    le fichier signé. .

    Error - 18/09/2010 09:25:33 | Computer Name = PCDENATHALIE | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Échec de l'extraction de la liste racine tierce depuis le fichier
    CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
    la vérification par rapport à l'horloge système en cours ou le tampon daté dans
    le fichier signé. .

    Error - 18/09/2010 09:25:34 | Computer Name = PCDENATHALIE | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Échec de l'extraction de la liste racine tierce depuis le fichier
    CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
    la vérification par rapport à l'horloge système en cours ou le tampon daté dans
    le fichier signé. .

    Error - 19/09/2010 04:18:35 | Computer Name = PCDENATHALIE | Source = McLogEvent | ID = 5051
    Description = Un thread du processus C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe a
    mis plus de 90000 ms à effectuer une requête. Le processus va se terminer. ID du thread :
    4140 (0x102c) Adresse du thread : 0x0000000076ED070A Message du thread : Build VSCORE.14.0.0.430
    / 5301.4018 Object being scanned = \Device\HarddiskVolume2\Windows\WinSxS\Temp\PendingRenames\786c80aa7b57cb01790200006c0a680e.WatAdminSvc.exe

    by C:\Windows\servicing\TrustedInstaller.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

    7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

    Error - 21/09/2010 03:10:43 | Computer Name = PCDENATHALIE | Source = Application Error | ID = 1000
    Description = Nom de l'application défaillante iexplore.exe, version : 8.0.7600.16385,
    horodatage : 0x4a5bc69e Nom du module défaillant : unknown, version : 0.0.0.0, horodatage
    : 0x00000000 Code d'exception : 0xc0000005 Décalage d'erreur : 0x00000040 ID du processus
    défaillant : 0x1998 Heure de début de l'application défaillante : 0x01cb59551be21b7b
    Chemin
    d'accès de l'application défaillante : C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Chemin
    d'accès du module défaillant: unknown ID de rapport : 58c7d14c-c54f-11df-ae2d-705ab6bf687f

    Error - 21/09/2010 04:26:32 | Computer Name = PCDENATHALIE | Source = SideBySide | ID = 16842832
    Description = La création du contexte d'activation a échoué pour « C:\Users\PC DE
    NATHALIE\Documents\Downloads\Programs\SoftonicDownloader43961.exe ». Erreur dans
    le fichier de manifeste ou de stratégie « » à la ligne . Une version de composant
    nécessaire à l'application est en conflit avec une autre version de composant déjà
    active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
    Composant
    2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

    Error - 23/09/2010 16:15:15 | Computer Name = PCDENATHALIE | Source = Google Update | ID = 20
    Description =

    Error - 24/09/2010 03:19:35 | Computer Name = PCDENATHALIE | Source = Application Error | ID = 1000
    Description = Nom de l'application défaillante iexplore.exe, version : 8.0.7600.16385,
    horodatage : 0x4a5bc69e Nom du module défaillant : OfferBoxBHO.dll, version : 2.1.2613.41,
    horodatage : 0x4c46ef2a Code d'exception : 0xc0000005 Décalage d'erreur : 0x00007da1
    ID
    du processus défaillant : 0x1798 Heure de début de l'application défaillante : 0x01cb5bb8d54e5ffd
    Chemin
    d'accès de l'application défaillante : C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Chemin
    d'accès du module défaillant: C:\Program Files (x86)\OfferBox\OfferBoxBHO.dll ID
    de rapport : 15297b73-c7ac-11df-af08-705ab6bf687f

    Error - 26/09/2010 13:42:30 | Computer Name = PCDENATHALIE | Source = Windows Backup | ID = 4103
    Description =

    [ System Events ]
    Error - 27/09/2010 07:34:46 | Computer Name = PCDENATHALIE | Source = Service Control Manager | ID = 7009
    Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
    l'attente de la connexion du service Notebook Performance Tuning Service (TEMPRO).

    Error - 27/09/2010 11:20:18 | Computer Name = PCDENATHALIE | Source = Ntfs | ID = 262199
    Description = La structure du système de fichiers sur le disque est endommagée et
    inutilisable. Exécutez l'utilitaire chkdsk sur le volume WINDOWS.

    Error - 27/09/2010 14:32:49 | Computer Name = PCDENATHALIE | Source = DCOM | ID = 10016
    Description =

    Error - 27/09/2010 14:32:50 | Computer Name = PCDENATHALIE | Source = DCOM | ID = 10016
    Description =

    Error - 27/09/2010 14:32:51 | Computer Name = PCDENATHALIE | Source = DCOM | ID = 10016
    Description =

    Error - 27/09/2010 14:32:53 | Computer Name = PCDENATHALIE | Source = DCOM | ID = 10016
    Description =

    Error - 27/09/2010 14:32:54 | Computer Name = PCDENATHALIE | Source = DCOM | ID = 10016
    Description =

    Error - 27/09/2010 14:32:56 | Computer Name = PCDENATHALIE | Source = DCOM | ID = 10016
    Description =

    Error - 30/09/2010 09:33:42 | Computer Name = PCDENATHALIE | Source = DCOM | ID = 10010
    Description =

    Error - 30/09/2010 09:36:00 | Computer Name = PCDENATHALIE | Source = DCOM | ID = 10010
    Description =

    < End of report >
    0
  10. Malekal_morte- Messages posted 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
     
    Couldn't you upload the reports to cijoint as requested? Because as it is, it's really not readable \o
    0
    1. lili500
       
      Well then, I'll try again
      0
    2. lili500
       
      I managed it, here is the link: http://www.cijoint.fr/cjlink.php?file=cj201010/cijZl65r5j.txt
      Thanks for everything
      0
    3. lili500
       
      Another question: is there any software that protects against this kind of virus?
      If so, which one?
      0
    4. Malekal_morte- Messages posted 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
       
      You've only given Extras there; as a reminder:
      * When the scan is finished, use the site http://www.cijoint.fr/ to give me the two reports: OTL.Txt and Extras.Txt.

      As for the software, I'll give you some pointers at the end.
      0
    5. lili500
       
      Here is another link for the rest, because I don't know how to combine several files: http://www.cijoint.fr/cjlink.php?file=cj201010/cijZ9ZjAFG.txt
      0
  11. Malekal_morte- Messages posted 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
     
    The PC is completely infected....
    I'll answer you tonight, I have to leave :)
    0
    1. lili500
       
      Sounds good, I'll log on around 21:15. See you tonight.
      0
    2. lili500
       
      I went through your blog, which is very clear and very well done by the way, and I was infected through a "priceminister, PS3 for sale" advertising banner, because I'm looking for one for my husband. I did find that ad odd, because I had never had one before. I will never click on an ad again.
      0
  12. lili500
     
    Well, I did a bit of work while you were away.
    I ran Norton Power Eraser; it detected infected files and deleted them, except one I think. I can't send you the report; I tried but it's too large.
    0
  13. lili500
     
    Then I ran Ad-Remover; here is the report: http://www.cijoint.fr/cjlink.php?file=cj201010/cijDyhchWA.txt
    0
  14. lili500
     
    Well, after that I ran Malwarebytes' Anti-Malware; it finds 25 infected files but I can't manage to clean them. Here is the report: http://www.cijoint.fr/cjlink.php?file=cj201010/cijakwc0Co.txt
    0
  15. Malekal_morte- Messages posted 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
     
    Ad-Remover is useless..

    Stop spreading yourself thin.... follow the procedure I gave you.
    0
  16. lili500
     
    OK, but I hadn't seen that you had given me a procedure to follow.
    0
  17. lili500
     
    Here is the report after cleaning:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Version de la base de données: 4052

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    05/10/2010 19:04:52
    mbam-log-2010-10-05 (19-04-52).txt

    Type d'examen: Examen rapide
    Elément(s) analysé(s): 119603
    Temps écoulé: 5 minute(s), 6 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  18. lili500
     
    Here are the reports

    http://www.cijoint.fr/cjlink.php?file=cj201010/cijg9LUvZk.txt

    http://www.cijoint.fr/cjlink.php?file=cj201010/cijgec3iM6.txt

    So?
    0
  19. Malekal_morte- Messages posted 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
     
    The OTL removal report is missing; I don't get the impression you did that part.
    0
  20. lili500
     
    Here it is, I think:

    Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*. > in the current context!
    Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.exe /s > in the current context!
    Error: Unable to interpret <%APPDATA%\*. > in the current context!
    Error: Unable to interpret <%APPDATA%\*.exe /s > in the current context!
    Error: Unable to interpret <%SYSTEMDRIVE%\*.exe > in the current context!
    Error: Unable to interpret <%systemroot%\*. /mp /s > in the current context!
    Error: Unable to interpret <%systemroot%\system32\*.dll /lockedfiles > in the current context!
    Error: Unable to interpret <%systemroot%\Tasks\*.job /lockedfiles > in the current context!
    Error: Unable to interpret <%systemroot%\system32\drivers\*.sys /lockedfiles > in the current context!
    Error: Unable to interpret <%systemroot%\System32\config\*.sav > in the current context!

    OTL by OldTimer - Version 3.2.14.1 log created on 10052010_200213
    0