Smart hdd
Résolu
virginie
-
kalimusic Messages postés 14619 Statut Contributeur sécurité -
kalimusic Messages postés 14619 Statut Contributeur sécurité -
Bonjour,
Je viens d'être infectée par smart hdd. j'ai suivi vos conseils : j'ai téléchargé roguekiller puis l'ai exécuté. pourriez-vous m'aider pour savoir ce que je dois supprimer. merci beaucoup
Virginie
ci-joint mon rapport :
RogueKiller V7.3.2 [20/03/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com
Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur: virginie [Droits d'admin]
Mode: Recherche -- Date: 03/04/2012 20:07:05
¤¤¤ Processus malicieux: 2 ¤¤¤
[WINDOW : SMART HDD] UOP6Q7OFCI7FGa.exe -- C:\ProgramData\UOP6Q7OFCI7FGa.exe -> KILLED [TermProc]
[SUSP PATH] bjKfkCpKrw.exe -- C:\ProgramData\bjKfkCpKrw.exe -> KILLED [TermProc]
¤¤¤ Entrees de registre: 21 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : bjKfkCpKrw.exe (C:\ProgramData\bjKfkCpKrw.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1984800957-1214177980-4100275150-1000[...]\Run : bjKfkCpKrw.exe (C:\ProgramData\bjKfkCpKrw.exe) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver: [NON CHARGE] ¤¤¤
¤¤¤ Infection : Rogue.FakeHDD ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] a78bb144f868e1a3ec445f521b5579a2
[BSP] 04ae7abff77f9ac201cb120a53e115c6 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 238234 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 488724480 | Size: 238304 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[1].txt >>
RKreport[1].txt
Je viens d'être infectée par smart hdd. j'ai suivi vos conseils : j'ai téléchargé roguekiller puis l'ai exécuté. pourriez-vous m'aider pour savoir ce que je dois supprimer. merci beaucoup
Virginie
ci-joint mon rapport :
RogueKiller V7.3.2 [20/03/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com
Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur: virginie [Droits d'admin]
Mode: Recherche -- Date: 03/04/2012 20:07:05
¤¤¤ Processus malicieux: 2 ¤¤¤
[WINDOW : SMART HDD] UOP6Q7OFCI7FGa.exe -- C:\ProgramData\UOP6Q7OFCI7FGa.exe -> KILLED [TermProc]
[SUSP PATH] bjKfkCpKrw.exe -- C:\ProgramData\bjKfkCpKrw.exe -> KILLED [TermProc]
¤¤¤ Entrees de registre: 21 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : bjKfkCpKrw.exe (C:\ProgramData\bjKfkCpKrw.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1984800957-1214177980-4100275150-1000[...]\Run : bjKfkCpKrw.exe (C:\ProgramData\bjKfkCpKrw.exe) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver: [NON CHARGE] ¤¤¤
¤¤¤ Infection : Rogue.FakeHDD ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] a78bb144f868e1a3ec445f521b5579a2
[BSP] 04ae7abff77f9ac201cb120a53e115c6 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 238234 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 488724480 | Size: 238304 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[1].txt >>
RKreport[1].txt
11 réponses
-
Bonsoir,
1. Relance RogueKiller.exe
● Clique sur Suppression
● Clique sur Rapport pour l'ouvrir
2. Relance RogueKiller.exe
● Clique sur Racc. RAZ
● Clique sur Rapport pour l'ouvrir
3. Copie/colle les 2 rapports dans ton prochain message.
Dis moi si tu as retrouvé ton bureau, tes dossiers, le menu démarrer, etc...
A +-
je n'ai toujours pas récupérer mon menu démarrer, le reste est ok
voici mes rapports :
RogueKiller V7.3.2 [20/03/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com
Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur: virginie [Droits d'admin]
Mode: Raccourcis RAZ -- Date: 03/04/2012 20:35:06
¤¤¤ Processus malicieux: 0 ¤¤¤
¤¤¤ Driver: [NON CHARGE] ¤¤¤
¤¤¤ Attributs de fichiers restaures: ¤¤¤
Bureau: Success 0 / Fail 0
Lancement rapide: Success 0 / Fail 0
Programmes: Success 0 / Fail 0
Menu demarrer: Success 0 / Fail 0
Dossier utilisateur: Success 14 / Fail 0
Mes documents: Success 0 / Fail 0
Mes favoris: Success 0 / Fail 0
Mes images: Success 0 / Fail 0
Ma musique: Success 0 / Fail 0
Mes videos: Success 0 / Fail 0
Disques locaux: Success 1 / Fail 0
Sauvegarde: [FOUND] Success 0 / Fail 257
Lecteurs:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[Q:] \Device\SftVol -- 0x3 --> Restored
¤¤¤ Infection : Rogue.FakeHDD ¤¤¤
Termine : << RKreport[7].txt >>
RKreport[1].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt
et le dernier
RogueKiller V7.3.2 [20/03/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com
Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur: virginie [Droits d'admin]
Mode: Recherche -- Date: 03/04/2012 20:35:25
¤¤¤ Processus malicieux: 0 ¤¤¤
¤¤¤ Entrees de registre: 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver: [NON CHARGE] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] a78bb144f868e1a3ec445f521b5579a2
[BSP] 04ae7abff77f9ac201cb120a53e115c6 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 238234 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 488724480 | Size: 238304 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[8].txt >>
RKreport[1].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ;
RKreport[8].txt
-
-
ok,
Surtout n'utilise pas de logiciel comme Ccleaner, on va essayer de récupérer ce qui manque ensuite. Nous allons utiliser cet outil de diagnostic :
Télécharge OTL (de OldTimer) sur ton Bureau.
Ferme toutes tes applications en cours
● Lance OTL.exe
- Sous XP double-clic sur l'icône pour lancer l'outil.
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.
● L'interface principale s'ouvre :
● Dans la section Rapport en haut à droite de la fenêtre, coche Rapport minimal
● Coche la case également Tous les utilisateurs
● Laisse tous les autres paramètres par défaut
● Dans la partie du bas "Personnalisation", copie/colle la liste en citation :
msconfig safebootminimal safebootnetwork /md5start volsnap.* explorer.exe winlogon.exe userinit.exe svchost.exe consrv.dll /md5stop %temp%\*.exe /s %ALLUSERSPROFILE%\Application Data\*.exe /s %ALLUSERSPROFILE%\Application Data\*. %APPDATA%\*.exe /s %APPDATA%\*. %SYSTEMDRIVE%\*.exe %systemroot%\Tasks\*.* /s %temp%\smtmp\*.* /s hklm\system\CurrentControlSet\Services\lanmanserver\parameters /s hklm\system\CurrentControlSet\Control\Session Manager\SubSystems /s hklm\software\clients\startmenuinternet|command /rs hklm\software\clients\startmenuinternet|command /64 /rs CREATERESTOREPOINT
● Clique sur le bouton Analyse rapide, patiente pendant le balayage du système.
● 2 rapports vont s'ouvrir au format bloc-note :
OTL.txt (qui sera affiché) ainsi que Extras.txt (réduit dans la barre des tâches)
● Ne les poste pas sur le forum, ils seraient trop long
● Héberge les sur un des sites suivants :
https://www.cjoint.com/
http://pjjoint.malekal.com/
http://threat-rc.com/
https://textup.fr/
● Tu obtiendras 2 liens que tu me donneras dans ton prochain message.
A +
-
Virginie,
On supprimer les restes du rogue et on essaye de récupérer les raccourcis du menu démarrer.
1. Relance OTL
- Sous XP double-clic sur l'icône pour lancer l'outil.
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.
● Dans la partie "Personnalisation", copie/colle les instructions hébergées ici
● Clique sur le bouton Correction.
● Patiente pendant le travail de l'outil, il doit ensuite redémarrer le PC.
● Accepte en cliquant sur OK.
● Le rapport indiquant les actions réalisées par OTL doit s'ouvrir spontanément.
Tu peux le retrouver le fichier à la racine du disque dans ce dossier : C:\_OTL\MovedFiles
A +-
hélas, pas d'amélioration sur mon menu démarrer : les icones sont toujours absentes. je peux retrouver mes fichiers uniquement en faisant une recherche.
dernier rapport OTL :
========== OTL ==========
C:\Users\virginie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD folder moved successfully.
C:\ProgramData\UOP6Q7OFCI7FGa moved successfully.
C:\ProgramData\-UOP6Q7OFCI7FGar moved successfully.
C:\ProgramData\-UOP6Q7OFCI7FGa moved successfully.
C:\Users\virginie\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk moved successfully.
C:\Users\virginie\Desktop\SMART_HDD.lnk moved successfully.
C:\ProgramData\UOP6Q7OFCI7FGa.exe moved successfully.
C:\ProgramData\bjKfkCpKrw.exe moved successfully.
C:\Users\virginie\AppData\Local\Temp\MyBabylonTB.exe moved successfully.
C:\Users\virginie\AppData\Local\Temp\SetupDataMngr_Searchqu.exe moved successfully.
========== FILES ==========
[color=#A23BEC]< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >[/color]
0 fichier(s) copi'(s)
C:\Users\virginie\Downloads\cmd.bat deleted successfully.
C:\Users\virginie\Downloads\cmd.txt deleted successfully.
[color=#A23BEC]< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >[/color]
0 fichier(s) copi'(s)
C:\Users\virginie\Downloads\cmd.bat deleted successfully.
C:\Users\virginie\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.39.2 log created on 04032012_212118
-
-
L'outil a échoué, il faut le faire manuellement.
Afficher les fichiers cachés et fichiers système -Windows 7 - Vista
Tes raccourcis qui se trouvaient sur le bureau, sont dans ce dossier :
C:\Users\virginie\AppData\Local\Temp\smtmp\4
A remettre sur ton bureau
Les raccourcis du menu démarrer sont dans celui-là :
C:\Users\virginie\AppData\Local\Temp\smtmp\1
Tu dois avoir 3 fichiers :
Default Programs.lnk
desktop.ini
Windows Update.lnk
Et ce dossier : Programs
Le dossier Menu Démarrer se trouve dans :
C:\ProgramData\Microsoft\Windows\Menu Démarrer
A + -
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question -
RogueKiller aurait du le faire au début (c'était la solution globale)
Tu n'as pas pu les récupérer pour les replacer dans leur emplacement d'origine ?
Ce n'est pas tout à fait fini sinon.
A + -
Afficher les dossiers cachés te permet juste de naviguer sur ton DD pour aller prendre les fichiers déplacés par le rogue et les remettre au bon endroit.
Relance OTL
- Sous XP double-clic sur l'icône pour lancer l'outil.
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.
● Dans la partie du bas "Personnalisation", copie/colle :
%Temp%\smtmp\1\*.* %Temp%\smtmp\2\*.* %Temp%\smtmp\3\*.* %Temp%\smtmp\4\*.*
● Clique sur le bouton Aucun puis Analyse.
● Un nouveau rapport OTL.txt va s'ouvrir au format bloc-note.
● Copie/colle le dans ton prochain message.
A +
«La raison et la logique ne peuvent rien contre l'entêtement et la sottise.»-
nouveau rapport :
OTL logfile created on: 03/04/2012 22:43:18 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\virginie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
3,87 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 55,84% Memory free
7,73 Gb Paging File | 5,74 Gb Available in Paging File | 74,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,65 Gb Total Space | 143,49 Gb Free Space | 61,67% Space Free | Partition Type: NTFS
Drive D: | 232,72 Gb Total Space | 223,72 Gb Free Space | 96,13% Space Free | Partition Type: NTFS
Computer Name: VIRGINIE-TOSH | User Name: virginie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========/color
PRC - C:\Users\virginie\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
[color=#E56717]========== Modules (No Company Name) ==========/color
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
[color=#E56717]========== Win32 Services (SafeList) ==========/color
SRV:[b]64bit:/b - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:[b]64bit:/b - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:[b]64bit:/b - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:[b]64bit:/b - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:[b]64bit:/b - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:[b]64bit:/b - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:[b]64bit:/b - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:[b]64bit:/b - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:[b]64bit:/b - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:[b]64bit:/b - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (NAUpdate) @c:\Program Files (x86) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
[color=#E56717]========== Driver Services (SafeList) ==========/color
DRV:[b]64bit:/b - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:[b]64bit:/b - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:[b]64bit:/b - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:[b]64bit:/b - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:[b]64bit:/b - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:[b]64bit:/b - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:[b]64bit:/b - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:[b]64bit:/b - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:[b]64bit:/b - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:[b]64bit:/b - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:[b]64bit:/b - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:[b]64bit:/b - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:/b - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:/b - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:[b]64bit:/b - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:/b - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:[b]64bit:/b - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:[b]64bit:/b - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:/b - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:[b]64bit:/b - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:[b]64bit:/b - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:[b]64bit:/b - (CnxtHdmiAudService) -- C:\Windows\SysNative\drivers\CHDMI64.sys (Conexant Systems Inc.)
DRV:[b]64bit:/b - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:/b - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:[b]64bit:/b - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:[b]64bit:/b - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:[b]64bit:/b - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:[b]64bit:/b - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:/b - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:/b - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:[b]64bit:/b - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:/b - (FwLnk) -- C:\Windows\SysNative\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV:[b]64bit:/b - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:[b]64bit:/b - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:[b]64bit:/b - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:[b]64bit:/b - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:[b]64bit:/b - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:[b]64bit:/b - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:/b - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:/b - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:/b - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:/b - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
[color=#E56717]========== Standard Registry (SafeList) ==========/color
[color=#E56717]========== Internet Explorer ==========/color
IE:[b]64bit:/b - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE:[b]64bit:/b - HKLM\..\SearchScopes\{72AD5B6B-06CB-48F9-A309-EB974D7F82D2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE:[b]64bit:/b - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&q={searchTerms}
IE - HKLM\..\SearchScopes\{A11A9EAF-53C6-4E51-9EB5-D3FEA28123FD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\..\SearchScopes,DefaultScope = {E0163EB4-17E8-4C85-AC0A-D81AC26B2C1B}
IE - HKCU\..\SearchScopes\{E0163EB4-17E8-4C85-AC0A-D81AC26B2C1B}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[color=#E56717]========== FireFox ==========/color
FF:[b]64bit:/b - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:[b]64bit:/b - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:/b - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:/b - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\virginie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\virginie\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/03/13 19:23:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/13 19:23:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/22 21:49:34 | 000,000,000 | ---D | M]
[color=#E56717]========== Chrome ==========/color
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\virginie\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\virginie\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\virginie\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\virginie\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\virginie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Recherche Google = C:\Users\virginie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\virginie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: \u003Cvideo\u003E HTML5 DivX Plus Web Player = C:\Users\virginie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\virginie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:/b - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:[b]64bit:/b - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:[b]64bit:/b - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:[b]64bit:/b - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:[b]64bit:/b - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:/b - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:[b]64bit:/b - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:[b]64bit:/b - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:[b]64bit:/b - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:[b]64bit:/b - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:[b]64bit:/b - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:[b]64bit:/b - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:[b]64bit:/b - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:[b]64bit:/b - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:[b]64bit:/b - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:[b]64bit:/b - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:[b]64bit:/b - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:[b]64bit:/b - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:[b]64bit:/b - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:[b]64bit:/b - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:[b]64bit:/b - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanalPlayer] "C:\Program Files (x86)\Lecteur CANALPLAY\CanalPlayer.exe" File not found
O4 - HKLM..\Run: [CanalPlayerHelper] C:\Program Files (x86)\Lecteur CANALPLAY\CanalPlayerHelper.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - Startup: C:\Users\virginie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:[b]64bit:/b - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:/b - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7F46E42-55D3-4F9A-9037-A34ACBD89F17}: DhcpNameServer = 192.168.1.254
O18:[b]64bit:/b - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:/b - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:/b - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:/b - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:/b - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:[b]64bit:/b - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:/b - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:[b]64bit:/b - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:/b - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:/b - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:/b - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:/b - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:/b - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:/b - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:/b - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:/b - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========/color
[2012/04/03 21:21:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/03 20:06:48 | 000,000,000 | ---D | C] -- C:\Users\virginie\Desktop\RK_Quarantine
[2012/04/03 18:03:07 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{3E6ABBA0-4832-465F-A0A0-19CF3B717934}
[2012/04/02 21:34:08 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{055C1FA1-F547-445D-8EB7-D25B931B5A79}
[2012/03/31 19:57:08 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{186A7C1A-BD68-40C5-8CD7-C3AF1B822B57}
[2012/03/31 07:56:40 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{FA86A3F1-270B-4448-AB9E-F407557B6E12}
[2012/03/30 21:04:11 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Roaming\eTeks
[2012/03/30 20:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
[2012/03/30 20:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sweet Home 3D
[2012/03/30 16:47:14 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{FCBBFF04-DBDF-47A5-84B0-4F4E7D475DD8}
[2012/03/29 20:34:24 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{4AA87D5A-C6F1-4DC1-946D-D2B8CA438232}
[2012/03/28 17:58:19 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{3193935D-C467-4989-90B7-93BE99924E69}
[2012/03/28 17:57:41 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{A6AC1BE7-4F42-454E-B078-817CC5A40051}
[2012/03/27 21:35:04 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{CF4889F0-E63E-474D-80EE-8F192635B34F}
[2012/03/27 21:34:28 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{AF099E03-CB84-4557-915C-328262938EEC}
[2012/03/27 07:50:10 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{6662F833-4427-47AB-9E05-B59F71F0F1F0}
[2012/03/27 07:49:27 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{99B0446C-AA2F-4CF2-A978-8197C5CCB586}
[2012/03/26 20:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/03/26 20:15:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/03/26 18:55:52 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{2523F6EB-6E61-4EAB-94C1-EADD8F68836A}
[2012/03/26 18:54:40 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{D0B9AFFC-AF43-41FF-A1A7-5093195F5F39}
[2012/03/25 22:12:41 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{EB6AC537-5958-4618-8592-DEBB1BCE32CC}
[2012/03/25 08:29:43 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{E87BE7EB-FF38-484C-BD63-82E85E6DB7B4}
[2012/03/24 17:41:54 | 000,000,000 | ---D | C] -- C:\Users\virginie\Documents\My Digital Editions
[2012/03/24 15:16:45 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{A7F58FBA-12E4-45C0-9A61-6DF8EAC9C160}
[2012/03/24 15:15:23 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{4E63D730-A913-4B26-BD19-8B48CE9730F4}
[2012/03/23 17:45:46 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{B4D5891D-8E30-450D-84E7-27193D4C3626}
[2012/03/23 17:44:42 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{0EFB383A-AC93-49F5-9327-D47337D94302}
[2012/03/22 21:52:23 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Roaming\DivX
[2012/03/22 21:50:28 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\DDMSettings
[2012/03/22 21:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/03/22 21:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/03/22 21:43:25 | 000,927,072 | ---- | C] (DivX, LLC) -- C:\Users\virginie\Desktop\DivXWebPlayerInstaller.exe
[2012/03/22 20:21:39 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{F35DA64A-2A48-4F2A-B29C-D25C3FFD1D95}
[2012/03/22 20:20:32 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{4EBB26D3-306A-4E51-B982-78F716B95EC9}
[2012/03/21 20:26:00 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{88C71A65-BE54-49F4-ABBA-1F6DE54EA645}
[2012/03/21 20:25:08 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{7F0F57B3-5A0F-4EF7-97F1-760ABE21BA60}
[2012/03/20 20:13:05 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{E6D330D9-F0AF-41C3-9EBE-E5CEF56CB170}
[2012/03/20 20:12:44 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{27D698D0-6A52-4189-BB00-0FE8D93A107C}
[2012/03/20 08:12:19 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{43552F85-EA62-4CB4-A621-7EBA69B6EB75}
[2012/03/19 20:11:38 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{C36DC6D7-673A-4837-94AE-931F280BFE78}
[2012/03/19 20:11:24 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{56313588-E6D2-4704-86B0-B472E83DF529}
[2012/03/18 22:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TVU Networks
[2012/03/18 19:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
[2012/03/18 19:31:52 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\TVU Networks
[2012/03/18 18:21:19 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{EC65BC53-23B0-4205-A2BE-717E9A04A3ED}
[2012/03/18 18:20:55 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{5B8DC671-7DBB-451F-BCDB-F5BFDAB26D70}
[2012/03/17 07:11:04 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{DF55D112-D847-4B29-B2A3-3F442CD68EA0}
[2012/03/16 19:10:15 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{B40EE6C1-3994-4C81-938D-9C09B086784D}
[2012/03/16 19:09:54 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{979186E0-2BA0-4C66-97E2-6CB176A32F0F}
[2012/03/16 07:09:28 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{0AEDF854-0DD8-4C1F-B497-0F3F55E88B57}
[2012/03/15 18:59:59 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{AEBF5F47-6B2C-4FA6-A827-F2476A76C0C6}
[2012/03/15 18:59:46 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{F25C9848-0ABD-407F-8C9F-9EF01EF41E00}
[2012/03/14 20:12:46 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/14 20:12:45 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 20:12:44 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 20:08:56 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 20:07:50 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 20:07:50 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 20:07:50 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/14 20:07:49 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 20:07:48 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/14 20:03:10 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{2279FD51-3B12-45C8-92E0-57BBF849F509}
[2012/03/14 20:02:31 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{438F76D0-8552-4ED6-BC25-EFCF6A9127FF}
[2012/03/14 07:10:51 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{4E1EF53C-2850-4E29-9BD1-8F978E3523FE}
[2012/03/14 07:10:29 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{C2962013-4991-480A-9DEC-B7EA39C93B54}
[2012/03/13 19:10:05 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{06E42717-17AA-453E-9EF9-9C0C5B24E39E}
[2012/03/13 19:09:29 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{3A7ECB72-0F52-47AF-9DF2-25EBEDEB0B23}
[2012/03/13 07:09:04 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{95993C8F-F543-4AE8-817B-9199876B703C}
[2012/03/12 18:34:48 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{BC5A518E-EEA1-4A88-BD32-B7C36FB958D4}
[2012/03/12 18:33:38 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{76CAB4CC-DF62-4DC9-82D8-47660C5F7CFD}
[2012/03/11 23:11:27 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{BE9C603B-A8E0-4F97-8800-B73EBEB50F3D}
[2012/03/11 11:10:51 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{9764AD5E-35FC-4300-B7BE-6B4895C17A71}
[2012/03/11 11:10:30 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{86F0CF03-6A2B-4B21-BE77-00666987B9EC}
[2012/03/10 23:09:56 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{31D4810A-12E3-4FC9-B46D-177769690DDF}
[2012/03/10 23:09:35 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{3BF048AD-AA4F-4C65-8AA3-416E8E257B32}
[2012/03/10 10:07:16 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{27EC7E64-14B7-473E-BE9D-9A399153B9B2}
[2012/03/09 22:06:37 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{48B3C063-874A-4AFF-8DED-23ED6BC584E1}
[2012/03/09 22:06:25 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{377E193A-B50F-4A8B-B86E-D4B64EC32E29}
[2012/03/07 07:02:47 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{351496DB-5325-41F0-9617-4B08CC87CB25}
[2012/03/07 07:02:25 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{B9CC6D20-CC6E-461A-8193-9227704B4E6F}
[2012/03/06 19:01:46 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{40EA1400-3FF9-46E3-A886-D521F3BDF95F}
[2012/03/06 19:01:34 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{D787C88D-5BAD-45DB-8FD3-CA8565A161A6}
[2012/03/05 22:03:07 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{C714A8CF-EAA6-4B4B-B48C-C4332D3FAB6C}
[2012/03/05 22:02:54 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{BB234AF7-BEF7-427B-ACAA-249B760D2BD9}
[2012/03/05 06:47:43 | 000,000,000 | ---D | C] -- C:\Users\virginie\AppData\Local\{6BE80BAB-0995-4CC1-8775-E59B082ADD39}
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========/color
[2012/04/03 22:45:00 | 000,001,090 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1984800957-1214177980-4100275150-1000UA.job
[2012/04/03 22:20:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/03 21:56:21 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/03 21:56:21 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/03 21:54:23 | 001,551,488 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/03 21:54:23 | 000,705,166 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/04/03 21:54:23 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/03 21:54:23 | 000,131,182 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/04/03 21:54:23 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/03 21:49:04 | 000,002,046 | ---- | M] () -- C:\Users\virginie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2012/04/03 21:48:40 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/03 21:48:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/03 21:48:11 | 3112,587,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/03 19:45:00 | 000,001,038 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1984800957-1214177980-4100275150-1000Core.job
[2012/04/02 00:30:25 | 000,002,429 | ---- | M] () -- C:\Users\virginie\Desktop\Google Chrome.lnk
[2012/03/31 23:07:16 | 002,760,928 | ---- | M] () -- C:\Users\virginie\Documents\appt maman.sh3d
[2012/03/30 22:47:13 | 002,790,577 | ---- | M] () -- C:\Users\virginie\Documents\appt virginie.sh3d
[2012/03/30 20:54:04 | 000,001,146 | ---- | M] () -- C:\Users\virginie\Desktop\Sweet Home 3D.lnk
[2012/03/22 21:49:40 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/03/22 21:49:40 | 000,001,629 | ---- | M] () -- C:\Users\virginie\Desktop\DivX Movies.lnk
[2012/03/22 21:49:17 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/03/22 21:43:30 | 000,927,072 | ---- | M] (DivX, LLC) -- C:\Users\virginie\Desktop\DivXWebPlayerInstaller.exe
[2012/03/16 17:51:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/03/14 21:17:57 | 000,282,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/07 02:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/07 02:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/03/07 02:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/03/07 02:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/03/07 02:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/03/07 02:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/03/07 02:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/03/07 02:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/03/07 02:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========/color
[2012/04/03 20:08:25 | 000,002,713 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2012/04/03 20:08:25 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/03 20:08:25 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/04/03 20:08:25 | 000,002,127 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/04/03 20:08:25 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Manual.lnk
[2012/04/03 20:08:25 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/03 20:08:25 | 000,001,848 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/04/03 20:08:25 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/03 20:08:25 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\Choix de navigateur .lnk
[2012/04/03 20:08:25 | 000,001,280 | ---- | C] () -- C:\Users\Public\Desktop\Kitchbi.lnk
[2012/04/03 20:08:25 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/04/03 20:08:25 | 000,001,237 | ---- | C] () -- C:\Users\Public\Desktop\Atelier Photo FNAC.lnk
[2012/04/03 20:08:25 | 000,001,227 | ---- | C] () -- C:\Users\Public\Desktop\Ma Galerie Photo.lnk
[2012/04/03 20:08:25 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/04/03 20:08:25 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\Delivery Reader.lnk
[2012/04/03 20:08:25 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\eMule.lnk
[2012/04/03 20:08:24 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visionneuse Microsoft PowerPoint .lnk
[2012/04/03 20:08:24 | 000,002,537 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/04/03 20:08:24 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/04/03 20:08:24 | 000,001,485 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/04/03 20:08:24 | 000,001,381 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/04/03 20:08:24 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/04/03 20:08:24 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/04/03 20:08:24 | 000,001,312 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/04/03 20:08:24 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/04/03 20:08:23 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/04/03 20:08:23 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/04/03 20:08:22 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2012/04/03 20:08:22 | 000,001,387 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
[2012/04/03 20:08:22 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/04/03 20:08:21 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/04/03 20:08:21 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/04/03 20:08:21 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/03/30 21:27:13 | 002,790,577 | ---- | C] () -- C:\Users\virginie\Documents\appt virginie.sh3d
[2012/03/30 21:26:25 | 002,760,928 | ---- | C] () -- C:\Users\virginie\Documents\appt maman.sh3d
[2012/03/30 20:54:04 | 000,001,146 | ---- | C] () -- C:\Users\virginie\Desktop\Sweet Home 3D.lnk
[2012/03/26 20:15:10 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/26 20:15:10 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/22 21:49:40 | 000,001,629 | ---- | C] () -- C:\Users\virginie\Desktop\DivX Movies.lnk
[2011/09/25 08:50:58 | 006,847,114 | ---- | C] () -- C:\Users\virginie\AppData\Local\census.cache
[2011/09/25 08:46:00 | 000,112,732 | ---- | C] () -- C:\Users\virginie\AppData\Local\ars.cache
[2011/09/24 20:39:21 | 000,000,036 | ---- | C] () -- C:\Users\virginie\AppData\Local\housecall.guid.cache
[2011/09/24 17:36:05 | 000,000,074 | ---- | C] () -- C:\Windows\DeliveryReader.INI
[2011/05/31 07:15:02 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/03/13 20:21:09 | 001,578,974 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/21 11:45:06 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2010/11/09 15:24:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/09 12:45:28 | 000,002,012 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[color=#E56717]========== Custom Scans ==========/color
[color=#A23BEC]< >/color
[color=#A23BEC]< %Temp%\smtmp\1\*.* >/color
[2009/07/14 07:01:14 | 000,001,282 | ---- | M] () -- C:\Users\virginie\AppData\Local\Temp\smtmp\1\Default Programs.lnk
[2009/07/14 07:01:14 | 000,000,442 | -HS- | M] () -- C:\Users\virginie\AppData\Local\Temp\smtmp\1\desktop.ini
[2009/07/14 06:49:40 | 000,001,266 | ---- | M] () -- C:\Users\virginie\AppData\Local\Temp\smtmp\1\Windows Update.lnk
[color=#A23BEC]< %Temp%\smtmp\2\*.* >/color
[color=#A23BEC]< %Temp%\smtmp\3\*.* >/color
[color=#A23BEC]< %Temp%\smtmp\4\*.* >/color
[2012/01/14 01:21:37 | 000,002,021 | ---- | M] () -- C:\Users\virginie\AppData\Local\Temp\smtmp\4\Adobe Reader 9.lnk
[2011/03/31 22:53:53 | 000,001,237 | ---- | M] () -- C:\Users\virginie\AppData\Local\Temp\smtmp\4\Atelier Photo FNAC.lnk
[2011/07/01 00:15:52 | 000,001,848 | ---- | M] () -- C:\Users\virginie\AppData\Local\Temp\smtmp\4\avast! Free Antivirus.lnk
[2011/03/13 20:15:29 | 000,001,761 | ---- | M] () -- C:\Users\virginie\AppData\Local\Temp\smtmp\4\Choix de navigateur .lnk
[2011/09/25 08:18:15 | 000,001,041 | ---- | M] () -- C:\Users\virginie\AppData\Local\Temp\smtmp\4\Delivery Reader.lnk
[2010/11/09 14:37:53 | 000,000,490 | -HS- | M] () -- C:\Users\virginie\AppData\Local\Temp\smtmp\4\desktop.ini
[2012/03/22 21:49:40 | 000,002,127 | ---- | M] () -- C:\Users\virginie\AppData\Local\Temp\smtmp\4\DivX Plus Converter.lnk
[2012/03/22 21:49:17 | 000,001,123 | ---- | M] () -- C:\Users\virginie\AppData\Local\Temp\smtmp\4\DivX Plus Player.lnk
[2011/06/10 20:33:16 | 000,001,006 | ---- | M] () -- C:\Users\virginie\AppData\Local\Temp\smtmp\4\eMule.lnk
[2011/05/09 21:31:22 | 000,001,790 | ---- | M] () -- C:\Users\virginie\AppData\Local\Temp\smtmp\4\iTunes.lnk
[2011/03/12 14:12:28 | 000,001,280 | ---- | M] () -- C:\Users\virginie\AppData\Local\Temp\smtmp\4\Kitchbi.lnk
[2011/03/31 22:53:53 | 000,001,227 | ---- | M] () -- C:\Users\virginie\AppData\Local\Temp\smtmp\4\Ma Galerie Photo.lnk
[2010/11/09 14:24:49 | 000,002,037 | ---- | M] () -- C:\Users\virginie\AppData\Local\Temp\smtmp\4\Manual.lnk
[2010/11/09 14:35:01 | 000,002,713 | ---- | M] () -- C:\Users\virginie\AppData\Local\Temp\smtmp\4\Nero StartSmart 10.lnk
[2011/05/09 21:25:55 | 000,002,491 | ---- | M] () -- C:\Users\virginie\AppData\Local\Temp\smtmp\4\Safari.lnk
[2011/03/12 14:45:39 | 000,002,515 | ---- | M] () -- C:\Users\virginie\AppData\Local\Temp\smtmp\4\Skype.lnk
< End of report >
-
-
On va retenter comme ça, il reste des fichiers.
Relance OTL
- Sous XP double-clic sur l'icône pour lancer l'outil.
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.
● Dans la partie "Personnalisation", copie/colle les instructions suivantes :
:Files xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
● Clique sur le bouton Correction.
● Accepte en cliquant sur OK.
● Le rapport indiquant les actions réalisées par OTL doit s'ouvrir spontanément.
A +-
ca veut dire que tout est ok ?
========== FILES ==========
[color=#A23BEC]< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >[/color]
0 fichier(s) copi'(s)
C:\Users\virginie\Downloads\cmd.bat deleted successfully.
C:\Users\virginie\Downloads\cmd.txt deleted successfully.
[color=#A23BEC]< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >[/color]
0 fichier(s) copi'(s)
C:\Users\virginie\Downloads\cmd.bat deleted successfully.
C:\Users\virginie\Downloads\cmd.txt deleted successfully.
OTL by OldTimer - Version 3.2.39.2 log created on 04032012_230139
-
-
OTL n'arrive pas à les déplacer.
Il faut copier ces 3 fichiers :
C:\Users\virginie\AppData\Local\Temp\smtmp\1\Default Programs.lnk
C:\Users\virginie\AppData\Local\Temp\smtmp\1\desktop.ini
C:\Users\virginie\AppData\Local\Temp\smtmp\1\Windows Update.lnk
Et les coller dans ce dossier C:\ProgramData\Microsoft\Windows\Menu Démarrer
A noter que le fichier desktop.ini est un fichier caché.
A + -
Le Menu Démarrer est ok maintenant ou toujours pas ?
-
Bon, essayons comme ceci :
Clic-droit sur le bouton "Démarrer" > "Propriétés" -> onglet "Menu Démarrer" > "Personnaliser" > Clique sur "Paramètres par défaut"
A + -
Pour terminer :
1. Lance OTL
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.
● Dans la partie "Personnalisation", copie/colle:
:commands [emptytemp] [clearallrestorepoints]
● Clique sur le bouton Correction.
2. Relance OTL en tant qu'administrateur
● Clique sur le bouton Purge outils
● Puis sur OK dans la boite de dialogue qui t'invite à redémarrer le système.
● Supprime les outils et les rapports restants éventuellement sur ton Bureau
3. Vérifie que les logiciels pouvant présenter des failles de sécurité sont à jour :
● Désinstalle Java(TM) 6 Update 17
● Télécharge et installe JRE 6 Update 31
● Désinstalle Adobe Reader 9.5.0 - Français
● Télécharge et installe Adobe Reader X (10.1.2)
● Vérifie ta version de FlashPlayer
Si nécéssaire télécharge et installe Adobe Flash Player 11.2.202.228 pour chaque navigateur.
!! Décoche les cases proposant des logiciels partenaires pendant les installations !!
4. (bis) ou bien tu peux utiliser cet outil : Vérifier et mettre à jour facilement les logiciels à risque avec SX Check&Update
== == == == == == == == == == == == == == == == == == == == == ==
La sécurité de son PC, c'est quoi ? (par Malekal)
== == == == == == == == == == == == == == == == == == == == == ==
Bonne soirée
