Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Iexplorer or firefox, even Opera, every of them eat my CPU

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Iexplorer or firefox, even Opera, every of them eat my CPU

Unread postby Choko_late » July 7th, 2009, 3:02 pm

HI, here is my Hijack, the problem is that Iexplorer or Firefox are using my CPU 100% when I active them 2times, they don't stop their activation (task manager)...
Thanks for helping me!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:32:02, on 2009-07-07
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\cam et Axel\Desktop\Sécurité\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Users\cam et Axel\Downloads\HijackThis.exe /startupscan
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resourc ... dfr-be.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\system32\cssdll32.dll C:\Windows\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
Choko_late
Active Member
 
Posts: 8
Joined: July 7th, 2009, 2:43 pm
Advertisement
Register to Remove

Re: Iexplorer or firefox, even Opera, every of them eat my CPU

Unread postby MWR 3 day Mod » July 11th, 2009, 5:09 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Iexplorer or firefox, even Opera, every of them eat my CPU

Unread postby Jack&Jill » July 11th, 2009, 1:10 pm

Hello Choko_late,

Welcome to Malware Removal. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we are share the same understanding.
  • Please observe and follow these Forum Rules.
  • As I am currently training at Malware Removal, it will take some time for me to go through your logs, please be patient with me.
  • Be assured that any recommendations to you will be done as soon as possible and will be approved by an expert.
  • Reply and keep only to this thread. If you have the same topic elsewhere, please inform me or the other forum so that either can be closed.
  • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
  • If you have any doubts or problems during the fix, please stop and ask.
  • Do not use or run any tools without supervision as they may cause more harm if improperly used.
  • If you do not reply within 3 days, this topic will be closed.

If you are agreeable to the above, then everything should go smoothly :) . We may begin.
I am working on your log now and will be back the soonest.

At the mean time, please post an Uninstall list
  • Open HijackThis.
  • Go to Open the Misc Tools section by clicking on the box.
  • Under the Systems tools, look for Open Uninstall Manager and click on it.
  • Click Save list... and save the text file in a convenient location.
  • Post the Uninstall list contents in your reply.
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Iexplorer or firefox, even Opera, every of them eat my CPU

Unread postby Choko_late » July 11th, 2009, 9:05 pm

Hi Jack&Jill, first, thanks again for helping me, that's wonderfull!!!
Here's my Uninstall list from HijackThis, hope you will find out what's happening, but be aware that for now it seems that everythings is fine again with my computer... strange... If you could just have a look before says that everything's ok?? Thank you a lot, have a nice day


Ad-Aware
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Media Player
Adobe Media Player
Adobe Photoshop CS2
Adobe Reader 8.1.2 - Français
Adobe Stock Photos 1.0
Ask Toolbar
Assistant de connexion Windows Live
Atheros Client Installation Program
Avira AntiVir Personal - Free Antivirus
Camera Assistant Software for Toshiba
CCleaner (remove only)
Choice Guard
COMODO Firewall Pro
DVD Shrink 3.2
Galerie de photos Windows Live
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Installation Windows Live
Installation Windows Live
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 5
Java(TM) 6 Update 6
Junk Mail filter update
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Office PowerPoint Viewer 2007 (French)
Microsoft Office Standard Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5)
MSVCRT
OpenOffice.org Installer 1.0
Outil de téléchargement Windows Live
Panda ActiveScan 2.0
ParetoLogic DriverCure
PCFriendly
Postal 2
Postal 2 Apocalypse Weekend Expansion Pack
Power DVD to AVI XVID Extractor 6.0.2
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
RegCure 1.5.2.7
Shareaza 2.4.0.0
Skype™ 4.0
Subtitle Workshop 2.51
Synaptics Pointing Device Driver
TOSHIBA Disc Creator
TOSHIBA Value Added Package
VideoLAN VLC media player 0.8.6c
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Toolbar
Zipeg
Choko_late
Active Member
 
Posts: 8
Joined: July 7th, 2009, 2:43 pm

Re: Iexplorer or firefox, even Opera, every of them eat my CPU

Unread postby Jack&Jill » July 15th, 2009, 3:54 am

Hello Choko_late :) ,

Sorry for the delay. The forums have been very busy and so is life outside of the cyber world. I am letting you know that I have not forgotten about you and will post some instructions to help you out as soon as I am able to after approval from an expert. Thank you for your patience.
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Iexplorer or firefox, even Opera, every of them eat my CPU

Unread postby Jack&Jill » July 15th, 2009, 9:37 pm

Hello Choko_late,

Remove P2P software
  • IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    Shareaza 2.4.0.0

  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Go to Control Panel > Add/Remove Programs and uninstall the P2P program(s) listed above (in red).
  • Please remove them before we continue with fixing your computer.

Please post back:
1. new HijackThis log
2. new uninstall list
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Iexplorer or firefox, even Opera, every of them eat my CPU

Unread postby Choko_late » July 16th, 2009, 8:14 pm

Hi,
so I remove shareaza, even if I like it...
Have to do what I takes!!
So again, here is my hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:55 PM, on 16/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\cam et Axel\Desktop\Sécurité\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Users\cam et Axel\Downloads\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resourc ... dfr-be.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

--
End of file - 9849 bytes

and the uninstall list...
Ad-Aware
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Media Player
Adobe Media Player
Adobe Photoshop CS2
Adobe Reader 8.1.2 - Français
Adobe Stock Photos 1.0
Ask Toolbar
Assistant de connexion Windows Live
Atheros Client Installation Program
Avira AntiVir Personal - Free Antivirus
Camera Assistant Software for Toshiba
CCleaner (remove only)
Choice Guard
COMODO Firewall Pro
DNRGarmin
DVD Shrink 3.2
Galerie de photos Windows Live
Garmin Trip and Waypoint Manager v5
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Installation Windows Live
Installation Windows Live
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 5
Java(TM) 6 Update 6
Junk Mail filter update
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Office PowerPoint Viewer 2007 (French)
Microsoft Office Standard Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5)
MSVCRT
OpenOffice.org Installer 1.0
Outil de téléchargement Windows Live
Panda ActiveScan 2.0
ParetoLogic DriverCure
PCFriendly
Postal 2
Postal 2 Apocalypse Weekend Expansion Pack
Power DVD to AVI XVID Extractor 6.0.2
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
RegCure 1.5.2.7
Skype™ 4.0
Subtitle Workshop 2.51
Synaptics Pointing Device Driver
TOSHIBA Disc Creator
TOSHIBA Value Added Package
VideoLAN VLC media player 0.8.6c
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Toolbar
Zipeg





***Thanks again!
Choko_late
Active Member
 
Posts: 8
Joined: July 7th, 2009, 2:43 pm

Re: Iexplorer or firefox, even Opera, every of them eat my CPU

Unread postby Jack&Jill » July 17th, 2009, 9:30 am

Hello Choko_late :) ,

For Windows Vista, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

Validate Windows
  • Please download MGADiag.exe from Microsoft and save it to a convenient location. Click here.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file and post it in your next reply.

I see that you have a Registry Cleaner program installed.

RegCure 1.5.2.7

Personally, I do not recommend any such programs. Here is an excerpt from a discussion on Registry Cleaners:
Most Registry Cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.
See here for additional information. You may uninstall it through Add/Remove Programs at the Control Panel.

Please download ATF (Atribune Temp File) Cleaner© by Atribune from one of the links below and save it to your desktop.

Link 1
Link 2
Link 3

Run ATF Cleaner
  • Double-click ATF Cleaner.exe to open it.
  • Click Run if prompted.
  • At the bottom of the list, check (tick) Select All.
  • Note: If you would like to keep your cookies, please uncheck this option as it will remove all cookies, including the useful ones you may want to keep.
  • Then click the Empty Selected button.
  • Firefox:
    • Click Firefox at the top and choose: Select All. Uncheck the cookies option if you want to keep them.
    • Click the Empty Selected button.
    • Note: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

Please download Malwarebytes' Anti-Malware (MBAM)© from Malwarebytes and save it to your desktop. Click here.

Run MBAM
  • Double click on mbam-setup.exe and follow the prompts to install the program.
  • At the end of installation, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • MBAM will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update mirror, select one of the websites and click on Check for Updates.
  • Upon completion of update and loading, select the Scanner tab. Click on Perform full scan, then click on Scan.
  • Leave the default options as it is and click on Start Scan.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  • After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

Please post back:
1. MGADiag report
2. MBAM result
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Iexplorer or firefox, even Opera, every of them eat my CPU

Unread postby Choko_late » July 17th, 2009, 3:34 pm

Here it is...

Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-GMVFF-9D784-W6DJF
Windows Product Key Hash: Cfjh/xArwYWqJPQZVn4VqNtbYtc=
Windows Product ID: 89578-OEM-7218055-01629
Windows Product ID Type: 8
Windows License Type: COA SLP
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {3885B8C8-802E-44FD-8BA5-134950268AA9}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6001.vistasp1_gdr.090302-1506
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Standard Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{3885B8C8-802E-44FD-8BA5-134950268AA9}</UGUID><Version>1.9.0011.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-W6DJF</PKey><PID>89578-OEM-7218055-01629</PID><PIDType>8</PIDType><SID>S-1-5-21-1214721553-2275925957-17590425</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite P200</Model></SYSTEM><BIOS><Manufacturer>TOSHIBA</Manufacturer><Version>V1.70</Version><SMBIOSVersion major="2" minor="4"/><Date>20070821000000.000000+000</Date></BIOS><HWID>73333507018400FE</HWID><UserLCID>1009</UserLCID><SystemLCID>040C</SystemLCID><TimeZone>Est(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSCPL</OEMID><OEMTableID>TOSCPL00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{9112040C-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Standard Edition 2003</Name><Ver>11</Ver><Val>23931FBB0B07864</Val><Hash>HBtSJ06vrqalj9Wc0Tj+6e8VzaE=</Hash><Pid>72868-050-7246612-56035</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Version du service de licences logicielles : 6.0.6001.18000
Nom : Windows(TM) Vista, HomePremium edition
Description : Windows Operating System - Vista, OEM_COA_SLP channel
ID d’activation : a4eec485-e375-48b4-8f51-80d13a4086b6
ID d’application : 55c92734-d682-4d71-983e-d6ec3f16059f
PID étendu : 89578-00144-180-501629-02-3084-6001.0000-0672008
ID d’installation : 004650099364245045878943082500935871936584879062165500
URL du certificat du processeur : http://go.microsoft.com/fwlink/?LinkID=43473
URL du certificat de l’ordinateur : http://go.microsoft.com/fwlink/?LinkID=43474
URL de licence d’utilisation : http://go.microsoft.com/fwlink/?LinkID=43476
URL du certificat de clé de produit : http://go.microsoft.com/fwlink/?LinkID=43475
Clé de produit partielle : W6DJF
État de la licence : avec licence

HWID Data-->
HWID Hash Current: NAAAAAEAAgABAAIAAQABAAAAAwABAAEA+l5cnr55aprqTkqtGuEwsPL0uvsQuCQLrFb0SA==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC INTEL CALISTGA
FACP TOSCPL CALISTGA
HPET INTEL CALISTGA
BOOT PTLTD $SBFTBL$
MCFG INTEL CALISTGA
SLIC TOSCPL TOSCPL00
APIC INTEL CALISTGA
SSDT SataRe SataPri
SSDT SataRe SataPri
SSDT SataRe SataPri
SSDT SataRe SataPri
SSDT SataRe SataPri


and MBAM report:

Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2452
Windows 6.0.6001 Service Pack 1

17/07/2009 3:22:54 PM
mbam-log-2009-07-17 (15-22-54).txt

Type de recherche: Examen complet (C:\|D:\|G:\|)
Eléments examinés: 256359
Temps écoulé: 1 hour(s), 19 minute(s), 50 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\GalaPlayer (Trojan.Lop) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\Users\cam et axel\downloads\antivir_workstation_winu_en_h.exe (Spyware.Banker) -> Quarantined and deleted successfully.


Hope it will help again..
Choko_late
Active Member
 
Posts: 8
Joined: July 7th, 2009, 2:43 pm

Re: Iexplorer or firefox, even Opera, every of them eat my CPU

Unread postby Jack&Jill » July 18th, 2009, 8:59 am

Hello Choko_late :) ,

For Windows Vista, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

Some of the infections you have must have been downloaded when you used Shareaza. That is why we are against P2P. Did you install your Avira Antivirus from the following file?
c:\Users\cam et axel\downloads\antivir_workstation_winu_en_h.exe

If yes, I would suggest you uninstall it through Add/Remove Programs at the Control Panel and try one of these:

Avast
Avira
AVG

Please note that only one AV should be installed at a time.

Please download OTL© by OldTimer and save it to your desktop. Click here.
  • Double click on OTL.exe to run it.
  • Make sure all the Use SafeList options is checked (ticked). There are five of them.
  • Check Scan All Users.
  • At the lower right corner, check LOP Check only.
  • Click on Run Scan at the top left hand corner. This might take a while.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
    Note: These files are saved as OTL.txt and Extras.txt on the desktop.

Please download Rooter© by Eric_71 and save it to your desktop. Click here.

Run Rooter
  • Double click on Rooter.exe to run the tool. Allow if prompted by your security softwares.
  • Click on Scan to start scanning.
  • When completed, a Notepad file containing the report will open, also found at %systemdrive%\Rooter$\Rooter_#.txt. %systemdrive% is usually C:\ and # is a number.
  • Please post the contents of that report here.

Please post back:
1. the OTL reports (OTL.txt and Extras.txt)
2. Rooter result
Last edited by Jack&Jill on July 19th, 2009, 10:05 pm, edited 1 time in total.
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Iexplorer or firefox, even Opera, every of them eat my CPU

Unread postby Choko_late » July 18th, 2009, 8:21 pm

Hi,
sorry but I don't really found the file from where I installed Avira but I'm sure it was from the official site, so normally it's safe...
Second, I can't go to an "administrator-style" (don't know how to say it) beacause when I right-clic, nothing happends! sorry, I don't really understand, I never asked for having sessions and administrator, Windows grrr!

There's the Rooter Log:
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6001) Service Pack 1
[32_bits] - x86 Family 6 Model 14 Stepping 12, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Disabled !
.
Internet Explorer 8.0.6001.18783
Mozilla Firefox 3.5 (fr)
.
C:\ [Fixed-NTFS] .. ( Total:96 Go - Free:42 Go )
D:\ [Fixed-NTFS] .. ( Total:6 Go - Free:2 Go )
E:\ [CD_Rom]
H:\ [Fixed-FAT32] .. ( Total:232 Go - Free:23 Go )
.
Scan : 20:10.14
Path : C:\Users\cam et Axel\Desktop\Sécurité\Rooter.exe
User : cam et Axel ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (496)
______ C:\Windows\system32\csrss.exe (580)
______ C:\Windows\system32\wininit.exe (624)
______ C:\Windows\system32\csrss.exe (636)
______ C:\Windows\system32\services.exe (672)
______ C:\Windows\system32\lsass.exe (684)
______ C:\Windows\system32\lsm.exe (692)
______ C:\Windows\system32\winlogon.exe (804)
______ C:\Windows\system32\svchost.exe (884)
______ C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (948)
______ C:\Windows\system32\svchost.exe (1000)
Locked cmdagent.exe (1044)
______ C:\Windows\system32\svchost.exe (1132)
______ C:\Windows\System32\svchost.exe (1172)
______ C:\Windows\System32\svchost.exe (1244)
______ C:\Windows\System32\svchost.exe (1276)
______ C:\Windows\system32\svchost.exe (1288)
Locked audiodg.exe (1388)
______ C:\Windows\system32\svchost.exe (1416)
______ C:\Windows\system32\SLsvc.exe (1432)
______ C:\Windows\system32\svchost.exe (1456)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (1756)
______ C:\Windows\system32\WLANExt.exe (1764)
______ C:\Windows\System32\spoolsv.exe (1944)
______ C:\Program Files\Avira\AntiVir Desktop\sched.exe (360)
______ C:\Windows\system32\svchost.exe (364)
______ C:\Windows\system32\agrsmsvc.exe (1380)
______ C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1644)
______ C:\Windows\system32\svchost.exe (1960)
______ C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (544)
______ C:\Windows\system32\svchost.exe (2084)
______ C:\Windows\system32\TODDSrv.exe (2160)
______ C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (2252)
______ C:\Windows\System32\svchost.exe (2312)
______ C:\Windows\system32\SearchIndexer.exe (2368)
______ C:\Windows\system32\taskeng.exe (2644)
______ C:\Windows\system32\wbem\unsecapp.exe (2836)
______ C:\Windows\system32\wbem\wmiprvse.exe (2916)
______ C:\Windows\system32\Dwm.exe (3876)
______ C:\Windows\system32\taskeng.exe (3892)
______ C:\Windows\Explorer.EXE (3916)
______ C:\Program Files\Windows Defender\MSASCui.exe (1640)
______ C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (2444)
______ C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (2864)
______ C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (2848)
______ C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (2860)
______ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (1284)
Locked cfp.exe (3020)
______ C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (2100)
______ C:\Windows\System32\igfxtray.exe (1524)
______ C:\Windows\System32\hkcmd.exe (2508)
______ C:\Windows\System32\igfxpers.exe (848)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (2928)
______ C:\Program Files\Windows Sidebar\sidebar.exe (2468)
______ C:\Program Files\ltmoh\ltmoh.exe (760)
______ C:\Windows\ehome\ehtray.exe (3124)
______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (156)
______ C:\Windows\system32\igfxsrvc.exe (2608)
______ C:\Program Files\Skype\Phone\Skype.exe (3296)
______ C:\Program Files\Windows Live\Messenger\msnmsgr.exe (3344)
______ C:\Program Files\Synaptics\SynTP\SynToshiba.exe (3428)
______ C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe (3444)
______ C:\Windows\ehome\ehmsas.exe (2404)
______ C:\Program Files\Windows Sidebar\sidebar.exe (3480)
______ C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (4624)
______ C:\Program Files\Skype\Plugin Manager\skypePM.exe (4720)
______ C:\Program Files\Windows Live\Contacts\wlcomm.exe (4928)
______ C:\Program Files\Internet Explorer\iexplore.exe (5972)
______ C:\Program Files\Internet Explorer\iexplore.exe (4660)
______ C:\Program Files\Windows Live\Toolbar\wltuser.exe (5604)
______ C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (264)
______ C:\Program Files\Internet Explorer\iexplore.exe (3768)
______ C:\Users\cam et Axel\Desktop\Sécurité\OTL.exe (5636)
______ C:\Windows\system32\SearchProtocolHost.exe (5556)
______ C:\Windows\system32\SearchFilterHost.exe (5084)
______ C:\Users\cam et Axel\Desktop\Sécurité\Rooter.exe (4952)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:1572864000)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:1573912576 | Length:103504936960)
\Device\Harddisk0\Partition3 (Start_Offset:105078849536 | Length:7825522688)
\Device\Harddisk0\Partition0 (Start_Offset:112908418560 | Length:7114867200)
\Device\Harddisk0\Partition4 (Start_Offset:112908450816 | Length:7114834944)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Ad-Aware Update (Weekly).job
C:\Windows\Tasks\Driver Robot.job
C:\Windows\Tasks\DriverCure.job
C:\Windows\Tasks\ParetoLogic Update Version2.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{42C4E31F-7980-4CAF-9C65-BC128CED30F0}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 20:10.27
.
C:\Rooter$\Rooter_1.txt - (18/07/2009 | 20:10.27)



and

OTL logfile created on: 18/07/2009 8:08:36 PM - Run 1
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Users\cam et Axel\Desktop\Sécurité
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.49 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 37.54% Memory free
3.23 Gb Paging File | 1.71 Gb Available in Paging File | 52.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 96.40 Gb Total Space | 42.60 Gb Free Space | 44.20% Space Free | Partition Type: NTFS
Drive D: | 6.63 Gb Total Space | 2.49 Gb Free Space | 37.59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 232.83 Gb Total Space | 23.91 Gb Free Space | 10.27% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: ORDIDECAMETAXEL
Current User Name: cam et Axel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/01/05 07:21:53 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2009/07/05 08:35:20 | 00,707,152 | ---- | M] (COMODO) -- C:\Program Files\COMODO\Firewall\cmdagent.exe
PRC - [2009/07/07 07:18:01 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/07/13 20:29:11 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2006/10/04 21:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2009/07/13 20:29:11 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2006/05/25 18:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/10/11 18:02:38 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2008/01/19 03:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/03/02 22:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2008/10/29 02:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/01/19 03:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/05/22 10:50:02 | 00,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/10/11 18:02:56 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2007/06/15 21:01:58 | 00,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/10/11 14:02:02 | 00,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/03/20 07:36:38 | 01,451,304 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2009/07/05 08:35:51 | 01,793,808 | ---- | M] (COMODO) -- C:\Program Files\COMODO\Firewall\cfp.exe
PRC - [2009/03/02 13:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/06/18 14:01:34 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2008/06/18 14:01:26 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/06/18 14:01:30 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2009/07/07 07:18:02 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/01/19 03:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2007/01/08 23:23:04 | 00,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2008/01/19 03:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/05/23 21:57:55 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/06/18 14:01:32 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2009/05/26 19:41:16 | 24,264,488 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/03/20 07:36:58 | 00,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/07/19 16:27:18 | 04,765,184 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/01/19 03:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/01/19 03:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/03/20 07:36:38 | 00,103,720 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2009/05/26 19:41:16 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/03/08 17:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 17:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/06 18:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2008/01/05 07:21:39 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
PRC - [2009/03/08 17:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/18 20:05:30 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\cam et Axel\Desktop\Sécurité\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/06/24 18:25:55 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2006/10/04 21:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2009/07/13 20:29:11 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/07/13 20:29:11 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/05/28 20:12:12 | 00,069,120 | ---- | M] (BOONTY) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games [Disabled | Stopped])
SRV - [2008/01/05 07:26:41 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/07/05 08:35:20 | 00,707,152 | ---- | M] (COMODO) -- C:\Program Files\COMODO\Firewall\cmdagent.exe -- (cmdAgent [Auto | Running])
SRV - [2008/01/19 03:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/19 03:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/01/05 07:21:53 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Auto | Running])
SRV - [2009/05/18 08:32:56 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/01/05 07:21:39 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Running])
SRV - [2009/07/07 07:18:01 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2008/01/05 07:21:39 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/02/20 04:13:54 | 00,145,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2006/05/25 18:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv [Auto | Running])
SRV - [2007/10/11 18:02:38 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv [Auto | Running])
SRV - [2008/01/19 03:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/28 00:11:00 | 01,161,888 | ---- | M] (Agere Systems) -- C:\Windows\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 05:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009/02/17 20:01:34 | 01,093,632 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\DRIVERS\athr.sys -- (athr [On_Demand | Running])
DRV - [2009/02/13 12:34:33 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/03/24 16:07:58 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/03/30 10:32:47 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\Windows\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2009/07/07 20:17:47 | 00,128,888 | ---- | M] (COMODO) -- C:\Windows\System32\DRIVERS\cmdguard.sys -- (cmdGuard [System | Running])
DRV - [2009/07/05 08:36:54 | 00,029,520 | ---- | M] (COMODO) -- C:\Windows\System32\DRIVERS\cmdhlp.sys -- (cmdHlp [System | Running])
DRV - [2006/11/02 05:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2008/06/10 22:38:57 | 00,018,816 | ---- | M] (RIF) -- C:\Windows\System32\DRIVERS\dvd43llh.sys -- (dvd43llh [On_Demand | Running])
DRV - [2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2007/03/08 18:18:00 | 00,008,320 | ---- | M] (GARMIN Corp.) -- C:\Windows\System32\drivers\grmnusb.sys -- (grmnusb [On_Demand | Stopped])
DRV - [2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2008/06/18 13:38:20 | 02,307,584 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (ialm [On_Demand | Stopped])
DRV - [2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2008/06/18 13:38:20 | 02,307,584 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Running])
DRV - [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2009/07/05 08:39:25 | 00,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\DRIVERS\inspect.sys -- (inspect [System | Running])
DRV - [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2009/07/07 07:18:13 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2006/07/28 16:25:26 | 00,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter [Boot | Running])
DRV - [2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2008/06/23 19:17:12 | 00,027,136 | ---- | M] (NCH Swift Sound) -- C:\Windows\System32\drivers\nchssvad.sys -- (NCHSSVAD [On_Demand | Stopped])
DRV - [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - File not found -- Service key not found. -- (pavboot [Unknown | Running])
DRV - [2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2009/05/25 14:50:44 | 00,164,864 | ---- | M] (Realtek ) -- C:\Windows\System32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
DRV - [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2005/01/14 12:14:07 | 00,047,616 | ---- | M] (Protection Technology) -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Stopped])
DRV - [2004/10/28 06:47:59 | 00,006,656 | ---- | M] (Protection Technology) -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2004/12/03 06:20:41 | 00,020,544 | ---- | M] (Protection Technology) -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
DRV - [2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2008/05/28 20:10:42 | 00,716,272 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009/07/13 20:29:11 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2009/03/20 07:37:42 | 00,208,688 | ---- | M] (Synaptics Incorporated) -- C:\Windows\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2006/10/18 11:50:04 | 00,016,128 | ---- | M] (TOSHIBA Corporation.) -- C:\Windows\System32\DRIVERS\tdcmdpst.sys -- (tdcmdpst [On_Demand | Running])
DRV - [2007/11/09 05:00:52 | 00,023,640 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ [Boot | Running])
DRV - [2009/07/05 21:11:24 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\Windows\System32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
DRV - [2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2007/04/16 10:19:10 | 00,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS -- (UVCFTR [On_Demand | Running])
DRV - [2006/11/02 05:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1214721553-2275925957-17590425-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1214721553-2275925957-17590425-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com/
IE - HKU\S-1-5-21-1214721553-2275925957-17590425-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1214721553-2275925957-17590425-1000\S-1-5-21-1214721553-2275925957-17590425-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/06 16:00:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/06 15:59:52 | 00,000,000 | ---D | M]

[2009/07/06 16:00:31 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\mozilla\Extensions
[2009/07/06 16:00:31 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/06 16:00:31 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\mozilla\Firefox\Profiles\cdjhjjl3.default\extensions
[2009/07/06 15:59:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/06 15:59:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/24 11:27:47 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/24 11:27:47 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/06/24 11:27:47 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/06/24 08:31:33 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2009/06/24 08:31:33 | 00,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/06/24 08:31:33 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/06/24 08:31:33 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 08:31:33 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/06/24 08:31:33 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-1214721553-2275925957-17590425-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1214721553-2275925957-17590425-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1214721553-2275925957-17590425-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-1214721553-2275925957-17590425-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1214721553-2275925957-17590425-1000..\Run: [HijackThis startup scan] File not found
O4 - HKU\S-1-5-21-1214721553-2275925957-17590425-1000..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKU\S-1-5-21-1214721553-2275925957-17590425-1000..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1214721553-2275925957-17590425-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1214721553-2275925957-17590425-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-1214721553-2275925957-17590425-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\cam et Axel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE File not found
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Programmes\Microsoft Office\OFFICE11\EXCEL.EXE File not found
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmes\Microsoft Office\OFFICE11\REFIEBAR.DLL File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Fac ... oader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resourc ... dfr-be.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun.com/ESD42/JSCDL/jre ... 586-jc.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmes\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmes\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll File not found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmes\Common Files\microsoft shared\Web Components\11\OWC11.DLL File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmes\Common Files\Skype\Skype4COM.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/06/13 22:43:16 | 00,000,000 | R--D | M] - H:\autorun -- [ FAT32 ]
O33 - MountPoints2\{b51ac4f0-803f-11dd-b4e0-001b381c4689}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[5 C:\Windows\System32\*.tmp files]
[2009/07/17 21:48:39 | 00,000,000 | ---D | C] -- C:\Users\cam et Axel\AppData\Local\Adobe
[2009/07/17 16:48:56 | 00,000,182 | ---- | C] () -- C:\Users\cam et Axel\Desktop\MP3 (F) - Raccourci.lnk
[2009/07/17 13:56:37 | 00,000,000 | ---D | C] -- C:\Users\cam et Axel\AppData\Roaming\Malwarebytes
[2009/07/17 13:56:31 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/17 13:56:28 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/17 13:56:28 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/17 13:56:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/17 13:36:02 | 00,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2009/07/17 11:09:44 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/07/15 12:47:47 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/07/15 12:47:46 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/07/15 12:47:46 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/07/15 12:47:46 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/07/15 10:21:45 | 00,000,000 | R--D | C] -- C:\la_maison_aux_lilas_de_lanse
[2009/07/14 09:09:31 | 00,000,760 | ---- | C] () -- C:\Users\cam et Axel\Desktop\Music.lnk
[2009/07/13 15:28:02 | 00,000,000 | ---D | C] -- C:\WebUpdater
[2009/07/13 15:24:11 | 00,018,432 | ---- | C] (GARMIN Corp.) -- C:\Windows\System32\drivers\grmngen.sys
[2009/07/13 15:24:09 | 00,008,320 | ---- | C] (GARMIN Corp.) -- C:\Windows\System32\drivers\grmnusb.sys
[2009/07/13 15:23:49 | 00,000,000 | ---D | C] -- C:\Garmin
[2009/07/13 15:10:09 | 00,000,000 | ---D | C] -- C:\Program Files\dnrgarmin
[2009/07/13 13:59:05 | 00,000,000 | R--D | C] -- C:\Users\cam et Axel\Desktop\La Maison aux Lilas de l'Anse
[2009/07/12 15:17:41 | 00,000,205 | ---- | C] () -- C:\Users\cam et Axel\Desktop\Lecteur CD - Raccourci.lnk
[2009/07/07 20:35:02 | 00,000,000 | ---D | C] -- C:\Users\cam et Axel\Desktop\film
[2009/07/07 15:13:02 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/07/07 07:49:28 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/07/07 07:22:17 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/07/07 07:22:17 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/07/07 07:21:45 | 00,000,512 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/07/07 07:11:31 | 00,000,000 | -H-D | C] -- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/07/07 07:11:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/07/06 23:16:55 | 00,000,000 | ---D | C] -- C:\Users\cam et Axel\AppData\Roaming\Lavasoft
[2009/07/06 23:16:37 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/07/06 22:10:33 | 00,000,000 | ---D | C] -- C:\swsetup
[2009/07/06 22:08:53 | 00,000,000 | ---D | C] -- C:\DRIVERS
[2009/07/06 22:03:51 | 00,000,000 | -H-D | C] -- C:\Program Files\Temp
[2009/07/06 22:01:02 | 00,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2009/07/06 22:01:02 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2009/07/06 20:52:58 | 00,397,312 | ---- | C] (Atheros) -- C:\Windows\System32\athihvs.dll
[2009/07/06 20:52:58 | 00,061,440 | ---- | C] (Atheros) -- C:\Windows\System32\athihvui.dll
[2009/07/06 20:52:58 | 00,000,000 | ---D | C] -- C:\Windows\System32\nn-NO
[2009/07/06 20:47:16 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/07/06 20:46:42 | 00,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/07/06 16:00:14 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/06 16:00:08 | 00,000,000 | ---D | C] -- C:\Users\cam et Axel\AppData\Roaming\Mozilla
[2009/07/06 16:00:08 | 00,000,000 | ---D | C] -- C:\Users\cam et Axel\AppData\Local\Mozilla
[2009/07/06 15:59:41 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/07/06 15:55:41 | 00,000,526 | ---- | C] () -- C:\Users\cam et Axel\Desktop\FinePix S1000fd - Raccourci.lnk
[2009/07/06 15:10:59 | 00,029,696 | ---- | C] () -- C:\Users\cam et Axel\Documents\recherche logement.doc
[2009/07/06 14:42:09 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloads
[2009/07/06 14:40:34 | 00,000,428 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2009/07/06 14:40:20 | 00,000,392 | ---- | C] () -- C:\Windows\tasks\DriverCure.job
[2009/07/06 14:40:08 | 00,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2009/07/06 14:40:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/07/06 14:39:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2009/07/05 21:46:30 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/07/05 21:19:10 | 00,000,000 | ---D | C] -- C:\Users\cam et Axel\AppData\Roaming\DriverCure
[2009/07/05 21:19:01 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2009/07/05 21:19:01 | 00,000,000 | ---D | C] -- C:\ProgramData\DriverCure
[2009/07/05 21:11:33 | 00,023,600 | ---- | C] (EnTech Taiwan) -- C:\Windows\System32\drivers\TVICHW32.SYS
[2009/07/05 19:20:01 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2009/06/29 16:53:21 | 00,000,422 | ---- | C] () -- C:\Windows\tasks\Driver Robot.job
[2009/06/24 19:17:47 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2009/06/24 19:02:45 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/06/24 19:02:44 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/06/24 19:02:43 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/06/24 19:02:43 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/06/24 19:02:43 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/06/24 19:02:43 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/06/24 19:02:42 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/06/24 19:02:42 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/06/24 19:02:41 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/06/24 19:02:41 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/06/24 19:02:40 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/06/24 19:02:38 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/06/24 19:02:38 | 05,936,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/06/24 19:00:27 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/06/24 19:00:27 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/06/24 19:00:27 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/06/24 19:00:27 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/06/24 19:00:26 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/06/24 19:00:26 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/06/24 19:00:26 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/06/24 19:00:25 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/06/24 19:00:25 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/06/24 19:00:25 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/06/24 19:00:25 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/06/24 19:00:25 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/06/24 19:00:24 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/06/24 19:00:24 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/06/24 19:00:24 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/06/24 19:00:24 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/06/24 19:00:24 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/06/24 19:00:24 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/06/24 19:00:24 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/06/24 19:00:23 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/06/24 19:00:23 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/06/24 19:00:23 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/06/24 19:00:23 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/06/24 19:00:23 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/06/24 19:00:23 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/06/24 19:00:23 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/06/24 19:00:23 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/06/24 19:00:22 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/06/24 19:00:22 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/06/24 19:00:21 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/06/24 19:00:21 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/06/24 19:00:21 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/06/24 19:00:20 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/06/24 19:00:19 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/06/24 19:00:19 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/06/24 19:00:19 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/06/24 19:00:19 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/06/24 19:00:19 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/06/24 19:00:19 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/06/24 19:00:19 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/06/24 19:00:19 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/06/24 19:00:19 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/06/20 15:39:06 | 00,000,000 | ---D | C] -- C:\Users\cam et Axel\Desktop\musique CAM
[2009/04/27 16:28:01 | 00,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/05 20:46:16 | 00,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/11/30 20:50:02 | 00,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2008/10/20 13:58:41 | 00,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2008/06/18 13:51:06 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008/06/10 22:38:40 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/06/10 22:38:40 | 00,548,864 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2008/06/10 22:38:40 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/06/10 22:38:40 | 00,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2008/06/10 22:38:40 | 00,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll
[2008/06/10 22:38:40 | 00,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2008/05/28 20:10:42 | 00,716,272 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/05/21 22:59:25 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/05/21 22:59:25 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/05/21 22:59:25 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/05/21 22:59:25 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/05/21 22:27:22 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2008/02/11 19:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 06:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 00:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1998/10/11 01:07:38 | 00,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll

========== Files - Modified Within 30 Days ==========

[5 C:\Windows\System32\*.tmp files]
[2009/07/18 19:45:25 | 00,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{42C4E31F-7980-4CAF-9C65-BC128CED30F0}.job
[2009/07/18 19:29:46 | 00,004,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/18 19:29:46 | 00,004,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/18 19:29:33 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/18 17:39:31 | 00,053,760 | ---- | M] () -- C:\Users\cam et Axel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/18 16:27:17 | 00,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/07/18 16:01:47 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/18 16:01:33 | 16,002,49856 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/17 23:22:58 | 03,783,740 | -H-- | M] () -- C:\Users\cam et Axel\AppData\Local\IconCache.db
[2009/07/17 21:54:05 | 00,722,956 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/17 21:54:05 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/17 21:54:05 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/17 21:54:05 | 00,037,586 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2009/07/17 21:54:05 | 00,013,966 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2009/07/17 16:48:56 | 00,000,182 | ---- | M] () -- C:\Users\cam et Axel\Desktop\MP3 (F) - Raccourci.lnk
[2009/07/17 00:35:00 | 00,000,428 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2009/07/16 18:58:01 | 00,000,760 | ---- | M] () -- C:\Users\cam et Axel\Desktop\Music.lnk
[2009/07/15 18:53:16 | 00,364,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:29:11 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/12 15:17:41 | 00,000,205 | ---- | M] () -- C:\Users\cam et Axel\Desktop\Lecteur CD - Raccourci.lnk
[2009/07/07 20:17:52 | 00,179,792 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2009/07/07 20:17:47 | 00,128,888 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2009/07/07 11:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/07/07 07:24:42 | 00,000,512 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/07/07 07:19:01 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/07/07 07:18:13 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/07/07 02:31:02 | 00,000,392 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
[2009/07/06 22:20:00 | 00,016,096 | ---- | M] () -- C:\Windows\System32\results.xml
[2009/07/06 22:03:59 | 00,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2009/07/06 20:46:42 | 00,001,746 | ---- | M] () -- C:\Windows\Language_trs.ini
[2009/07/06 16:00:14 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/07/06 15:55:41 | 00,000,526 | ---- | M] () -- C:\Users\cam et Axel\Desktop\FinePix S1000fd - Raccourci.lnk
[2009/07/06 15:10:59 | 00,029,696 | ---- | M] () -- C:\Users\cam et Axel\Documents\recherche logement.doc
[2009/07/05 21:11:24 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\Windows\System32\drivers\TVICHW32.SYS
[2009/07/05 08:39:25 | 00,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2009/07/05 08:36:54 | 00,029,520 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2009/06/30 08:46:09 | 00,000,422 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2009/06/25 18:18:21 | 00,000,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/06/24 19:17:47 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf

========== LOP Check ==========

[2009/07/17 13:56:37 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming
[2009/07/12 17:23:20 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\com.zipeg
[2009/07/05 21:19:30 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\DriverCure
[2009/06/19 20:58:10 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\dvdcss
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\Media Center Programs
[2008/07/28 17:24:39 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\NCH Software
[2009/05/02 19:11:39 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\NCH Swift Sound
[2009/06/12 22:08:18 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\Opera
[2009/07/16 19:58:20 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\Shareaza
[2008/05/21 23:15:44 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\toshiba
[2008/10/11 21:05:10 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\U3
[2008/06/13 18:01:02 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\Uniblue
[2009/05/31 23:14:57 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\uTorrent
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Media Center Programs
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Media Center Programs
[2009/07/07 07:24:42 | 00,000,512 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/06/30 08:46:09 | 00,000,422 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2009/07/07 02:31:02 | 00,000,392 | ---- | M] () -- C:\Windows\Tasks\DriverCure.job
[2009/07/17 00:35:00 | 00,000,428 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2009/07/18 16:01:47 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/18 07:36:30 | 00,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/18 19:45:25 | 00,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{42C4E31F-7980-4CAF-9C65-BC128CED30F0}.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\cam et Axel\Documents\Mes fichiers reçus:Shareaza.GUID
< End of report >
Choko_late
Active Member
 
Posts: 8
Joined: July 7th, 2009, 2:43 pm

Re: Iexplorer or firefox, even Opera, every of them eat my CPU

Unread postby Jack&Jill » July 19th, 2009, 9:05 pm

Hello Choko_late,

sorry but I don't really found the file from where I installed Avira but I'm sure it was from the official site, so normally it's safe...
As long as you are sure you got it from the official site, no problem.

Second, I can't go to an "administrator-style" (don't know how to say it) beacause when I right-clic, nothing happends! sorry, I don't really understand, I never asked for having sessions and administrator, Windows grrr!
You are already logged in as Administrator. Also no problem if you can get the tools to run.

There is another file named Extras.txt on the desktop that was created when you ran OTL. Please post the contents of that log.
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Iexplorer or firefox, even Opera, every of them eat my CPU

Unread postby Choko_late » July 19th, 2009, 10:04 pm

uh, sorry, I can use program as an administtrator, I just didn't right-clic on the .exe... sorry...
I'll do it again... thanks for comprehension...

for Rooter:

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6001) Service Pack 1
[32_bits] - x86 Family 6 Model 14 Stepping 12, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Disabled !
.
Internet Explorer 8.0.6001.18783
Mozilla Firefox 3.5 (fr)
.
C:\ [Fixed-NTFS] .. ( Total:96 Go - Free:40 Go )
D:\ [Fixed-NTFS] .. ( Total:6 Go - Free:2 Go )
E:\ [CD_Rom]
F:\ [Removable]
H:\ [Fixed-FAT32] .. ( Total:232 Go - Free:23 Go )
.
Scan : 21:53.39
Path : C:\Users\cam et Axel\Desktop\Sécurité\Rooter.exe
User : cam et Axel ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (436)
______ C:\Windows\system32\csrss.exe (512)
______ C:\Windows\system32\wininit.exe (548)
______ C:\Windows\system32\csrss.exe (568)
______ C:\Windows\system32\services.exe (604)
______ C:\Windows\system32\lsass.exe (620)
______ C:\Windows\system32\lsm.exe (628)
______ C:\Windows\system32\winlogon.exe (780)
______ C:\Windows\system32\svchost.exe (812)
______ C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (880)
______ C:\Windows\system32\svchost.exe (932)
Locked cmdagent.exe (1004)
______ C:\Windows\system32\svchost.exe (1068)
______ C:\Windows\System32\svchost.exe (1108)
______ C:\Windows\System32\svchost.exe (1180)
______ C:\Windows\System32\svchost.exe (1208)
______ C:\Windows\system32\svchost.exe (1220)
Locked audiodg.exe (1304)
______ C:\Windows\system32\svchost.exe (1332)
______ C:\Windows\system32\SLsvc.exe (1348)
______ C:\Windows\system32\svchost.exe (1412)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (1640)
______ C:\Windows\system32\WLANExt.exe (1648)
______ C:\Windows\System32\spoolsv.exe (1800)
______ C:\Program Files\Avira\AntiVir Desktop\sched.exe (1836)
______ C:\Windows\system32\svchost.exe (1848)
______ C:\Windows\system32\agrsmsvc.exe (284)
______ C:\Program Files\Avira\AntiVir Desktop\avguard.exe (380)
______ C:\Windows\system32\svchost.exe (500)
______ C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (820)
______ C:\Windows\system32\svchost.exe (1544)
______ C:\Windows\system32\TODDSrv.exe (1600)
______ C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (768)
______ C:\Windows\System32\svchost.exe (2100)
______ C:\Windows\system32\SearchIndexer.exe (2168)
______ C:\Windows\system32\wbem\unsecapp.exe (2660)
______ C:\Windows\system32\wbem\wmiprvse.exe (2800)
______ C:\Windows\system32\taskeng.exe (3224)
______ C:\Windows\system32\Dwm.exe (2844)
______ C:\Windows\system32\taskeng.exe (2240)
______ C:\Windows\Explorer.EXE (3056)
______ C:\Program Files\Windows Defender\MSASCui.exe (3524)
______ C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (3468)
______ C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (3632)
______ C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (3496)
______ C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (3644)
______ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3200)
Locked cfp.exe (3680)
______ C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (3184)
______ C:\Windows\System32\igfxtray.exe (3592)
______ C:\Windows\System32\hkcmd.exe (3332)
______ C:\Windows\System32\igfxpers.exe (2380)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (3872)
______ C:\Program Files\Windows Sidebar\sidebar.exe (3088)
______ C:\Program Files\ltmoh\ltmoh.exe (3880)
______ C:\Windows\ehome\ehtray.exe (2412)
______ C:\Program Files\Skype\Phone\Skype.exe (2300)
______ C:\Program Files\Windows Live\Messenger\msnmsgr.exe (2896)
______ C:\Windows\system32\igfxsrvc.exe (2256)
______ C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe (3276)
______ C:\Windows\system32\WUDFHost.exe (3300)
______ C:\Windows\ehome\ehmsas.exe (2284)
______ C:\Program Files\Synaptics\SynTP\SynToshiba.exe (1052)
______ C:\Program Files\Windows Sidebar\sidebar.exe (4356)
______ C:\Program Files\Skype\Plugin Manager\skypePM.exe (4884)
______ C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (5636)
______ C:\Windows\system32\conime.exe (5648)
______ C:\Program Files\Winamp\winamp.exe (2864)
______ C:\Program Files\Internet Explorer\iexplore.exe (4568)
______ C:\Program Files\Windows Live\Toolbar\wltuser.exe (4492)
______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (808)
______ C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (556)
______ C:\Users\cam et Axel\Desktop\Sécurité\OTL.exe (4800)
______ C:\Program Files\Internet Explorer\iexplore.exe (6016)
______ C:\Users\cam et Axel\Desktop\Sécurité\OTL.exe (4308)
______ C:\Program Files\Internet Explorer\iexplore.exe (4200)
______ C:\Windows\system32\SearchProtocolHost.exe (5064)
______ C:\Windows\system32\SearchFilterHost.exe (1116)
______ C:\Users\cam et Axel\Desktop\Sécurité\Rooter.exe (5404)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:1572864000)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:1573912576 | Length:103504936960)
\Device\Harddisk0\Partition3 (Start_Offset:105078849536 | Length:7825522688)
\Device\Harddisk0\Partition0 (Start_Offset:112908418560 | Length:7114867200)
\Device\Harddisk0\Partition4 (Start_Offset:112908450816 | Length:7114834944)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Ad-Aware Update (Weekly).job
C:\Windows\Tasks\Driver Robot.job
C:\Windows\Tasks\DriverCure.job
C:\Windows\Tasks\ParetoLogic Update Version2.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{42C4E31F-7980-4CAF-9C65-BC128CED30F0}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 21:53.47
.
C:\Rooter$\Rooter_2.txt - (19/07/2009 | 21:53.47)


and for OTL:

OTL.txt

OTL logfile created on: 19/07/2009 9:52:57 PM - Run 2
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Users\cam et Axel\Desktop\Sécurité
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.49 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 41.42% Memory free
3.23 Gb Paging File | 1.53 Gb Available in Paging File | 47.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 96.40 Gb Total Space | 40.61 Gb Free Space | 42.13% Space Free | Partition Type: NTFS
Drive D: | 6.63 Gb Total Space | 2.49 Gb Free Space | 37.59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.92 Gb Total Space | 0.68 Gb Free Space | 35.70% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 232.83 Gb Total Space | 23.89 Gb Free Space | 10.26% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: ORDIDECAMETAXEL
Current User Name: cam et Axel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/01/05 07:21:53 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2009/07/05 08:35:20 | 00,707,152 | ---- | M] (COMODO) -- C:\Program Files\COMODO\Firewall\cmdagent.exe
PRC - [2009/07/07 07:18:01 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/07/13 20:29:11 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2006/10/04 21:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2009/07/13 20:29:11 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2006/05/25 18:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/10/11 18:02:38 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2008/01/19 03:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/03/02 22:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2008/10/29 02:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/01/19 03:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/05/22 10:50:02 | 00,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/10/11 18:02:56 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2007/06/15 21:01:58 | 00,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/10/11 14:02:02 | 00,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/03/20 07:36:38 | 01,451,304 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2009/07/05 08:35:51 | 01,793,808 | ---- | M] (COMODO) -- C:\Program Files\COMODO\Firewall\cfp.exe
PRC - [2009/03/02 13:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/06/18 14:01:34 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2008/06/18 14:01:26 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/06/18 14:01:30 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2009/07/07 07:18:02 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/01/19 03:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2007/01/08 23:23:04 | 00,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2008/01/19 03:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2009/05/26 19:41:16 | 24,264,488 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2008/06/18 14:01:32 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2007/07/19 16:27:18 | 04,765,184 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/01/19 03:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/19 03:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2009/03/20 07:36:58 | 00,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008/01/19 03:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/05/26 19:41:16 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/03/20 07:36:38 | 00,103,720 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/01/19 03:33:04 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/07/01 12:38:40 | 01,481,056 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
PRC - [2009/03/08 17:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/06 18:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2008/05/23 21:57:55 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/01/05 07:21:39 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
PRC - [2009/07/18 20:05:30 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\cam et Axel\Desktop\Sécurité\OTL.exe
PRC - [2009/03/08 17:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/18 20:05:30 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\cam et Axel\Desktop\Sécurité\OTL.exe
PRC - [2009/03/08 17:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/06/24 18:25:55 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2006/10/04 21:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2009/07/13 20:29:11 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/07/13 20:29:11 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/05/28 20:12:12 | 00,069,120 | ---- | M] (BOONTY) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games [Disabled | Stopped])
SRV - [2008/01/05 07:26:41 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/07/05 08:35:20 | 00,707,152 | ---- | M] (COMODO) -- C:\Program Files\COMODO\Firewall\cmdagent.exe -- (cmdAgent [Auto | Running])
SRV - [2008/01/19 03:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/19 03:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/01/05 07:21:53 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Auto | Running])
SRV - [2009/05/18 08:32:56 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/01/05 07:21:39 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Running])
SRV - [2009/07/07 07:18:01 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2008/01/05 07:21:39 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/02/20 04:13:54 | 00,145,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2006/05/25 18:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv [Auto | Running])
SRV - [2007/10/11 18:02:38 | 00,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv [Auto | Running])
SRV - [2008/01/19 03:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/28 00:11:00 | 01,161,888 | ---- | M] (Agere Systems) -- C:\Windows\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 05:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009/02/17 20:01:34 | 01,093,632 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\DRIVERS\athr.sys -- (athr [On_Demand | Running])
DRV - [2009/02/13 12:34:33 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/03/24 16:07:58 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/03/30 10:32:47 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\Windows\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2009/07/07 20:17:47 | 00,128,888 | ---- | M] (COMODO) -- C:\Windows\System32\DRIVERS\cmdguard.sys -- (cmdGuard [System | Running])
DRV - [2009/07/05 08:36:54 | 00,029,520 | ---- | M] (COMODO) -- C:\Windows\System32\DRIVERS\cmdhlp.sys -- (cmdHlp [System | Running])
DRV - [2006/11/02 05:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2008/06/10 22:38:57 | 00,018,816 | ---- | M] (RIF) -- C:\Windows\System32\DRIVERS\dvd43llh.sys -- (dvd43llh [On_Demand | Running])
DRV - [2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2007/03/08 18:18:00 | 00,008,320 | ---- | M] (GARMIN Corp.) -- C:\Windows\System32\drivers\grmnusb.sys -- (grmnusb [On_Demand | Stopped])
DRV - [2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2008/06/18 13:38:20 | 02,307,584 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (ialm [On_Demand | Stopped])
DRV - [2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2008/06/18 13:38:20 | 02,307,584 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Running])
DRV - [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2009/07/05 08:39:25 | 00,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\DRIVERS\inspect.sys -- (inspect [System | Running])
DRV - [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2009/07/07 07:18:13 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2006/07/28 16:25:26 | 00,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter [Boot | Running])
DRV - [2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2008/06/23 19:17:12 | 00,027,136 | ---- | M] (NCH Swift Sound) -- C:\Windows\System32\drivers\nchssvad.sys -- (NCHSSVAD [On_Demand | Stopped])
DRV - [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2009/05/25 14:50:44 | 00,164,864 | ---- | M] (Realtek ) -- C:\Windows\System32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
DRV - [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2005/01/14 12:14:07 | 00,047,616 | ---- | M] (Protection Technology) -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Stopped])
DRV - [2004/10/28 06:47:59 | 00,006,656 | ---- | M] (Protection Technology) -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2004/12/03 06:20:41 | 00,020,544 | ---- | M] (Protection Technology) -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
DRV - [2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2008/05/28 20:10:42 | 00,716,272 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009/07/13 20:29:11 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2009/03/20 07:37:42 | 00,208,688 | ---- | M] (Synaptics Incorporated) -- C:\Windows\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2006/10/18 11:50:04 | 00,016,128 | ---- | M] (TOSHIBA Corporation.) -- C:\Windows\System32\DRIVERS\tdcmdpst.sys -- (tdcmdpst [On_Demand | Running])
DRV - [2007/11/09 05:00:52 | 00,023,640 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ [Boot | Running])
DRV - [2009/07/05 21:11:24 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\Windows\System32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
DRV - [2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2007/04/16 10:19:10 | 00,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS -- (UVCFTR [On_Demand | Running])
DRV - [2006/11/02 05:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1214721553-2275925957-17590425-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1214721553-2275925957-17590425-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.blackle.com/
IE - HKU\S-1-5-21-1214721553-2275925957-17590425-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1214721553-2275925957-17590425-1000\S-1-5-21-1214721553-2275925957-17590425-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/06 16:00:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/06 15:59:52 | 00,000,000 | ---D | M]

[2009/07/06 16:00:31 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\mozilla\Extensions
[2009/07/06 16:00:31 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/06 16:00:31 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\mozilla\Firefox\Profiles\cdjhjjl3.default\extensions
[2009/07/06 15:59:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/06 15:59:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/24 11:27:47 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/24 11:27:47 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/06/24 11:27:47 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/06/24 08:31:33 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2009/06/24 08:31:33 | 00,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/06/24 08:31:33 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/06/24 08:31:33 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 08:31:33 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/06/24 08:31:33 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-1214721553-2275925957-17590425-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1214721553-2275925957-17590425-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1214721553-2275925957-17590425-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-1214721553-2275925957-17590425-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1214721553-2275925957-17590425-1000..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKU\S-1-5-21-1214721553-2275925957-17590425-1000..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1214721553-2275925957-17590425-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1214721553-2275925957-17590425-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-1214721553-2275925957-17590425-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\cam et Axel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE File not found
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Programmes\Microsoft Office\OFFICE11\EXCEL.EXE File not found
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmes\Microsoft Office\OFFICE11\REFIEBAR.DLL File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Fac ... oader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resourc ... dfr-be.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun.com/ESD42/JSCDL/jre ... 586-jc.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmes\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmes\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll File not found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmes\Common Files\microsoft shared\Web Components\11\OWC11.DLL File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmes\Common Files\Skype\Skype4COM.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/06/13 22:43:16 | 00,000,000 | R--D | M] - H:\autorun -- [ FAT32 ]
O33 - MountPoints2\{b51ac4f0-803f-11dd-b4e0-001b381c4689}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[5 C:\Windows\System32\*.tmp files]
[2009/07/19 21:53:23 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/19 08:58:57 | 00,000,188 | ---- | C] () -- C:\Users\cam et Axel\Desktop\AXL 232GB (H) - Raccourci.lnk
[2009/07/17 21:48:39 | 00,000,000 | ---D | C] -- C:\Users\cam et Axel\AppData\Local\Adobe
[2009/07/17 16:48:56 | 00,000,182 | ---- | C] () -- C:\Users\cam et Axel\Desktop\MP3 (F) - Raccourci.lnk
[2009/07/17 13:56:37 | 00,000,000 | ---D | C] -- C:\Users\cam et Axel\AppData\Roaming\Malwarebytes
[2009/07/17 13:56:31 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/17 13:56:28 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/17 13:56:28 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/17 13:56:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/17 13:36:02 | 00,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2009/07/17 11:09:44 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/07/15 12:47:47 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/07/15 12:47:46 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/07/15 12:47:46 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/07/15 12:47:46 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/07/15 10:21:45 | 00,000,000 | R--D | C] -- C:\la_maison_aux_lilas_de_lanse
[2009/07/14 09:09:31 | 00,000,760 | ---- | C] () -- C:\Users\cam et Axel\Desktop\Music.lnk
[2009/07/13 15:28:02 | 00,000,000 | ---D | C] -- C:\WebUpdater
[2009/07/13 15:24:11 | 00,018,432 | ---- | C] (GARMIN Corp.) -- C:\Windows\System32\drivers\grmngen.sys
[2009/07/13 15:24:09 | 00,008,320 | ---- | C] (GARMIN Corp.) -- C:\Windows\System32\drivers\grmnusb.sys
[2009/07/13 15:23:49 | 00,000,000 | ---D | C] -- C:\Garmin
[2009/07/13 15:10:09 | 00,000,000 | ---D | C] -- C:\Program Files\dnrgarmin
[2009/07/13 13:59:05 | 00,000,000 | R--D | C] -- C:\Users\cam et Axel\Desktop\La Maison aux Lilas de l'Anse
[2009/07/12 15:17:41 | 00,000,205 | ---- | C] () -- C:\Users\cam et Axel\Desktop\Lecteur CD - Raccourci.lnk
[2009/07/07 20:35:02 | 00,000,000 | ---D | C] -- C:\Users\cam et Axel\Desktop\film
[2009/07/07 15:13:02 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/07/07 07:49:28 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/07/07 07:22:17 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/07/07 07:22:17 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/07/07 07:21:45 | 00,000,512 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/07/07 07:11:31 | 00,000,000 | -H-D | C] -- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/07/07 07:11:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/07/06 23:16:55 | 00,000,000 | ---D | C] -- C:\Users\cam et Axel\AppData\Roaming\Lavasoft
[2009/07/06 23:16:37 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/07/06 22:10:33 | 00,000,000 | ---D | C] -- C:\swsetup
[2009/07/06 22:08:53 | 00,000,000 | ---D | C] -- C:\DRIVERS
[2009/07/06 22:03:51 | 00,000,000 | -H-D | C] -- C:\Program Files\Temp
[2009/07/06 22:01:02 | 00,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2009/07/06 22:01:02 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2009/07/06 20:52:58 | 00,397,312 | ---- | C] (Atheros) -- C:\Windows\System32\athihvs.dll
[2009/07/06 20:52:58 | 00,061,440 | ---- | C] (Atheros) -- C:\Windows\System32\athihvui.dll
[2009/07/06 20:52:58 | 00,000,000 | ---D | C] -- C:\Windows\System32\nn-NO
[2009/07/06 20:47:16 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/07/06 20:46:42 | 00,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/07/06 16:00:14 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/06 16:00:08 | 00,000,000 | ---D | C] -- C:\Users\cam et Axel\AppData\Roaming\Mozilla
[2009/07/06 16:00:08 | 00,000,000 | ---D | C] -- C:\Users\cam et Axel\AppData\Local\Mozilla
[2009/07/06 15:59:41 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/07/06 15:55:41 | 00,000,526 | ---- | C] () -- C:\Users\cam et Axel\Desktop\FinePix S1000fd - Raccourci.lnk
[2009/07/06 15:10:59 | 00,029,696 | ---- | C] () -- C:\Users\cam et Axel\Documents\recherche logement.doc
[2009/07/06 14:42:09 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloads
[2009/07/06 14:40:34 | 00,000,428 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2009/07/06 14:40:20 | 00,000,392 | ---- | C] () -- C:\Windows\tasks\DriverCure.job
[2009/07/06 14:40:08 | 00,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2009/07/06 14:40:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/07/06 14:39:01 | 00,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2009/07/05 21:46:30 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/07/05 21:19:10 | 00,000,000 | ---D | C] -- C:\Users\cam et Axel\AppData\Roaming\DriverCure
[2009/07/05 21:19:01 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2009/07/05 21:19:01 | 00,000,000 | ---D | C] -- C:\ProgramData\DriverCure
[2009/07/05 21:11:33 | 00,023,600 | ---- | C] (EnTech Taiwan) -- C:\Windows\System32\drivers\TVICHW32.SYS
[2009/07/05 19:20:01 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2009/06/29 16:53:21 | 00,000,422 | ---- | C] () -- C:\Windows\tasks\Driver Robot.job
[2009/06/24 19:17:47 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2009/06/24 19:02:45 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/06/24 19:02:44 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/06/24 19:02:43 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/06/24 19:02:43 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/06/24 19:02:43 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/06/24 19:02:43 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/06/24 19:02:42 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/06/24 19:02:42 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/06/24 19:02:41 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/06/24 19:02:41 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/06/24 19:02:40 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/06/24 19:02:38 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/06/24 19:02:38 | 05,936,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/06/24 19:00:27 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/06/24 19:00:27 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/06/24 19:00:27 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/06/24 19:00:27 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/06/24 19:00:26 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/06/24 19:00:26 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/06/24 19:00:26 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/06/24 19:00:25 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/06/24 19:00:25 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/06/24 19:00:25 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/06/24 19:00:25 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/06/24 19:00:25 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/06/24 19:00:24 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/06/24 19:00:24 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/06/24 19:00:24 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/06/24 19:00:24 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/06/24 19:00:24 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/06/24 19:00:24 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/06/24 19:00:24 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/06/24 19:00:23 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/06/24 19:00:23 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/06/24 19:00:23 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/06/24 19:00:23 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/06/24 19:00:23 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/06/24 19:00:23 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/06/24 19:00:23 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/06/24 19:00:23 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/06/24 19:00:22 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/06/24 19:00:22 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/06/24 19:00:21 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/06/24 19:00:21 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/06/24 19:00:21 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/06/24 19:00:20 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/06/24 19:00:19 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/06/24 19:00:19 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/06/24 19:00:19 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/06/24 19:00:19 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/06/24 19:00:19 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/06/24 19:00:19 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/06/24 19:00:19 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/06/24 19:00:19 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/06/24 19:00:19 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/06/20 15:39:06 | 00,000,000 | ---D | C] -- C:\Users\cam et Axel\Desktop\musique CAM
[2009/04/27 16:28:01 | 00,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/05 20:46:16 | 00,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/11/30 20:50:02 | 00,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2008/10/20 13:58:41 | 00,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2008/06/18 13:51:06 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008/06/10 22:38:40 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/06/10 22:38:40 | 00,548,864 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2008/06/10 22:38:40 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/06/10 22:38:40 | 00,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2008/06/10 22:38:40 | 00,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll
[2008/06/10 22:38:40 | 00,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2008/05/28 20:10:42 | 00,716,272 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/05/21 22:59:25 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/05/21 22:59:25 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/05/21 22:59:25 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/05/21 22:59:25 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/05/21 22:27:22 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2008/02/11 19:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 06:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 00:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1998/10/11 01:07:38 | 00,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll

========== Files - Modified Within 30 Days ==========

[5 C:\Windows\System32\*.tmp files]
[2009/07/19 20:59:23 | 00,004,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/19 20:59:23 | 00,004,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/19 20:06:16 | 00,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/07/19 18:13:21 | 00,722,956 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/19 18:13:21 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/19 18:13:21 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/19 18:13:21 | 00,037,586 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2009/07/19 18:13:21 | 00,013,966 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2009/07/19 17:06:34 | 00,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{42C4E31F-7980-4CAF-9C65-BC128CED30F0}.job
[2009/07/19 16:59:13 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/19 16:59:09 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/19 16:59:07 | 16,002,49856 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/19 09:39:11 | 04,127,941 | -H-- | M] () -- C:\Users\cam et Axel\AppData\Local\IconCache.db
[2009/07/19 08:58:57 | 00,000,188 | ---- | M] () -- C:\Users\cam et Axel\Desktop\AXL 232GB (H) - Raccourci.lnk
[2009/07/18 17:39:31 | 00,053,760 | ---- | M] () -- C:\Users\cam et Axel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/17 16:48:56 | 00,000,182 | ---- | M] () -- C:\Users\cam et Axel\Desktop\MP3 (F) - Raccourci.lnk
[2009/07/17 00:35:00 | 00,000,428 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2009/07/16 18:58:01 | 00,000,760 | ---- | M] () -- C:\Users\cam et Axel\Desktop\Music.lnk
[2009/07/15 18:53:16 | 00,364,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:29:11 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/12 15:17:41 | 00,000,205 | ---- | M] () -- C:\Users\cam et Axel\Desktop\Lecteur CD - Raccourci.lnk
[2009/07/07 20:17:52 | 00,179,792 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2009/07/07 20:17:47 | 00,128,888 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2009/07/07 11:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/07/07 07:24:42 | 00,000,512 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/07/07 07:19:01 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/07/07 07:18:13 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/07/07 02:31:02 | 00,000,392 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
[2009/07/06 22:20:00 | 00,016,096 | ---- | M] () -- C:\Windows\System32\results.xml
[2009/07/06 22:03:59 | 00,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2009/07/06 20:46:42 | 00,001,746 | ---- | M] () -- C:\Windows\Language_trs.ini
[2009/07/06 16:00:14 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/07/06 15:55:41 | 00,000,526 | ---- | M] () -- C:\Users\cam et Axel\Desktop\FinePix S1000fd - Raccourci.lnk
[2009/07/06 15:10:59 | 00,029,696 | ---- | M] () -- C:\Users\cam et Axel\Documents\recherche logement.doc
[2009/07/05 21:11:24 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\Windows\System32\drivers\TVICHW32.SYS
[2009/07/05 08:39:25 | 00,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2009/07/05 08:36:54 | 00,029,520 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2009/06/30 08:46:09 | 00,000,422 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2009/06/25 18:18:21 | 00,000,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/06/24 19:17:47 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf

========== LOP Check ==========

[2009/07/17 13:56:37 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming
[2009/07/19 21:30:16 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\com.zipeg
[2009/07/05 21:19:30 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\DriverCure
[2009/06/19 20:58:10 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\dvdcss
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\Media Center Programs
[2008/07/28 17:24:39 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\NCH Software
[2009/05/02 19:11:39 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\NCH Swift Sound
[2009/06/12 22:08:18 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\Opera
[2009/07/16 19:58:20 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\Shareaza
[2008/05/21 23:15:44 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\toshiba
[2008/10/11 21:05:10 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\U3
[2008/06/13 18:01:02 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\Uniblue
[2009/05/31 23:14:57 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\uTorrent
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Media Center Programs
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Media Center Programs
[2009/07/07 07:24:42 | 00,000,512 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/06/30 08:46:09 | 00,000,422 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2009/07/07 02:31:02 | 00,000,392 | ---- | M] () -- C:\Windows\Tasks\DriverCure.job
[2009/07/17 00:35:00 | 00,000,428 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2009/07/19 16:59:13 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/19 12:54:44 | 00,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/19 17:06:34 | 00,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{42C4E31F-7980-4CAF-9C65-BC128CED30F0}.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\cam et Axel\Documents\Mes fichiers reçus:Shareaza.GUID
< End of report >

and Extras.txt

OTL Extras logfile created on: 19/07/2009 9:52:57 PM - Run 2
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Users\cam et Axel\Desktop\Sécurité
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.49 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 41.42% Memory free
3.23 Gb Paging File | 1.53 Gb Available in Paging File | 47.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 96.40 Gb Total Space | 40.61 Gb Free Space | 42.13% Space Free | Partition Type: NTFS
Drive D: | 6.63 Gb Total Space | 2.49 Gb Free Space | 37.59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.92 Gb Total Space | 0.68 Gb Free Space | 35.70% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 232.83 Gb Total Space | 23.89 Gb Free Space | 10.26% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: ORDIDECAMETAXEL
Current User Name: cam et Axel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1214721553-2275925957-17590425-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DCEFEA72-BB14-461D-A1D2-A8F1D532C92F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F3A4721A-2D7E-457E-8EDE-B23C00AC1600}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{054311F3-2A17-45EF-859D-CB7821546F7C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{150A5F6A-3815-4400-9445-AD60C05D58D4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1723E8AA-1724-44D5-82DA-221A0EE4F8F6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{22C65408-18FF-421E-98C2-01638644E6DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A62957B-AFDC-4E7B-B7CC-E6F92852DD2A}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{3AB9A310-5AD7-44FA-BD31-5A25005DC111}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3ADB83B7-801F-4950-96C5-1BC739F2E6C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3B72026E-321B-40DC-9E15-F9A859AB809D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4129BFBD-2EA9-438B-8A27-991A608F9BAE}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{501EBE2B-101A-44AD-A5E5-BA44EE1670E9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E2EA5C6-4649-49CE-BB66-A73B938A9E26}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{64CA389B-82EE-470C-8330-6FA3B33E3819}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{68F65B40-1A97-46CB-9BDD-83004C19AD0E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A021AAC-B5FF-45CB-9FD5-E28B18F9EB4D}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{6D157396-EBD1-4D96-A937-21F6117CC0B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{77DB21C7-83C8-4C64-9337-9932AF421E19}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{79216EFB-57CD-4ACC-91B4-62A7D8897DAE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7CE78871-4C43-4DAD-B036-8214B5CBC04B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7E9E6DC7-13ED-4B7D-9C91-9FB0E530EBAA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8E723A22-1AFA-4E2E-B7D8-43BD5EA1D4E2}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{9576C0D4-E441-4BAD-B81E-3C6767D6533E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9998F0D8-FA6C-43AD-9218-0B29D9065C7D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9C3F7562-2509-4B53-BC2F-315A03D3AD07}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A07AC268-4E2F-4BF5-B49A-AC647727DE1A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A5973FC9-ECFC-4EAD-B4D4-42DD0AAA4B0D}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{AD72C3D7-7181-4D35-915B-C1C0310845E4}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{BA50843C-A353-4C9E-AEF8-BCAA389DA04F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C3B7B3DD-C54D-438E-A0A4-BC36B45A710E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C472A02B-9200-41FE-90E8-856B9A358ADB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C50B8391-D37A-4FE2-8DD0-1C29BA910495}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C8E0402B-BD78-43DE-B638-18CCC4BC015F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CDD5218A-1F1B-462A-A053-BC8DF0367833}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{DC7E5459-6564-451A-BEC9-DD7789BBD56E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DEC8D3EB-68CA-406C-961E-72CD63CC9495}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{E2E0D76A-E217-4F70-9F67-4B994FA8B2AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E33446D3-C60D-46C6-A79D-1D958EB85A9B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E99F3D87-A04A-4C9F-8E14-06FC7C3D291D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{F9961288-FBE1-4751-B100-5265FAF1FE89}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FFC2582B-9345-45ED-9472-B8137BDB1EF2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{19A2E73C-3A21-4C32-9121-294CD2652138}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{4D646ECD-B8F1-4E80-8A70-B428258C6B85}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{50EB4C10-5E75-4C54-8401-1408136C3623}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{5EDF479A-1E46-464F-9F12-F928862B5A46}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{6402FFBD-117B-4320-B699-2CE3D1C86F46}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{773D7F1B-7306-4267-A1E1-1CBF2A256E0A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9B6B1BF6-5150-46D9-9C5B-6ADCF8EA1F0D}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{B6A4F749-27C5-4B47-8EB0-EABACDBC2766}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"TCP Query User{BA1EEC1E-E500-4DF9-8EA8-AE8017F96AF5}C:\program files\adsltv\adsltv.exe" = protocol=6 | dir=in | app=c:\program files\adsltv\adsltv.exe |
"TCP Query User{D3E4473A-D58B-479F-9A36-1D52DBD9C9EC}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{2B464FD8-3A6E-4509-B0AA-E1C3CA05737F}C:\program files\adsltv\adsltv.exe" = protocol=17 | dir=in | app=c:\program files\adsltv\adsltv.exe |
"UDP Query User{8C89D9F7-92A3-4822-9D61-807D43D60330}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{AADAA93B-8298-4B81-874F-5708A44CB144}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D0B76765-1959-4C49-8131-27BD08DE279A}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{D1A8CDD1-62EC-4F9D-9E82-1CAFC7638030}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DDA92237-5BF9-491C-8D00-88C584E26563}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{DFB29A67-5F83-4F72-B61E-DFAD29883BE3}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{E9CEAC5A-97B6-492F-9DA4-78790744D6ED}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{EB60D57F-650C-4C2D-A57F-8C85C58B6708}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{F8CC7AFD-1D4F-4581-BA19-0E985D83BC04}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3A2AF807-9F9F-43C9-A24A-17B617238B74}" = OpenOffice.org Installer 1.0
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{44E54A81-9D91-4AA1-9417-80AFF134F5FF}" = Galerie de photos Windows Live
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{63DC2DA0-2A6C-4C38-9249-B75395458657}" = Windows Live Mail
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7370DF47-B4F9-4279-BFC3-3F09919F720D}" = Installation Windows Live
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9084040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{9112040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}" = Windows Live Sync
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E12337CF-154E-4191-A024-76561E06F3FF}" = DNRGarmin
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AskSBar Uninstall" = Ask Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"COMODO Firewall Pro" = COMODO Firewall Pro
"DVD Shrink_is1" = DVD Shrink 3.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5)" = Mozilla Firefox (3.5)
"PCFriendly" = PCFriendly
"Postal 2" = Postal 2
"Postal 2 Apocalypse Weekend Expansion Pack" = Postal 2 Apocalypse Weekend Expansion Pack
"Power DVD to AVI XVID Extractor_is1" = Power DVD to AVI XVID Extractor 6.0.2
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Installation Windows Live
"Zipeg" = Zipeg

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/07/2009 10:08:28 PM | Computer Name = Ordidecametaxel | Source = VSS | ID = 8194
Description =

Error - 06/07/2009 10:09:06 PM | Computer Name = Ordidecametaxel | Source = VSS | ID = 8194
Description =

Error - 06/07/2009 10:10:05 PM | Computer Name = Ordidecametaxel | Source = VSS | ID = 8194
Description =

Error - 06/07/2009 10:11:06 PM | Computer Name = Ordidecametaxel | Source = VSS | ID = 8194
Description =

Error - 07/07/2009 7:11:41 AM | Computer Name = Ordidecametaxel | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12/07/2009 8:19:09 AM | Computer Name = Ordidecametaxel | Source = VSS | ID = 8194
Description =

Error - 12/07/2009 8:24:42 AM | Computer Name = Ordidecametaxel | Source = VSS | ID = 8194
Description =

Error - 12/07/2009 8:35:33 AM | Computer Name = Ordidecametaxel | Source = Application Error | ID = 1000
Description = Application défaillante RegCure.exe, version 1.5.2.7, horodatage 0x49590e89,
module défaillant unknown, version 0.0.0.0, horodatage 0x00000000, code d’exception
0xc0000005, décalage d’erreur 0x428d0824, ID du processus 0x15ec, heure de début
de l’application 0x01ca02ebfe10785b.

Error - 12/07/2009 3:19:31 PM | Computer Name = Ordidecametaxel | Source = Application Error | ID = 1000
Description = Application défaillante vlc.exe, version 0.8.6.0, horodatage 0x4675098d,
module défaillant libvlc.dll, version 0.0.0.0, horodatage 0x4675098d, code d’exception
0xc0000005, décalage d’erreur 0x0001177f, ID du processus 0x1228, heure de début
de l’application 0x01ca0325a8d086c0.

Error - 17/07/2009 11:23:22 PM | Computer Name = Ordidecametaxel | Source = Windows Search Service | ID = 3024
Description =

[ System Events ]
Error - 19/07/2009 10:30:02 AM | Computer Name = Ordidecametaxel | Source = Application Popup | ID = 875
Description = Le chargement du pilote sfdrv01.sys a été bloqué.

Error - 19/07/2009 10:30:43 AM | Computer Name = Ordidecametaxel | Source = HTTP | ID = 15016
Description =

Error - 19/07/2009 10:30:52 AM | Computer Name = Ordidecametaxel | Source = Service Control Manager | ID = 7026
Description =

Error - 19/07/2009 12:32:54 PM | Computer Name = Ordidecametaxel | Source = Application Popup | ID = 875
Description = Le chargement du pilote sfdrv01.sys a été bloqué.

Error - 19/07/2009 12:33:30 PM | Computer Name = Ordidecametaxel | Source = HTTP | ID = 15016
Description =

Error - 19/07/2009 12:33:39 PM | Computer Name = Ordidecametaxel | Source = Service Control Manager | ID = 7026
Description =

Error - 19/07/2009 12:35:23 PM | Computer Name = Ordidecametaxel | Source = Dhcp | ID = 1001
Description = Le réseau n'a attribué aucune adresse à votre ordinateur (par le serveur
DHCP) pour la carte réseau avec l'adresse réseau 001B9E36B2D9. Il s'est produit
l'erreur suivante : %%121. Votre ordinateur va continuer à essayer d'obtenir sa
propre adresse auprès du serveur d'adresse réseau (DHCP).

Error - 19/07/2009 4:58:31 PM | Computer Name = Ordidecametaxel | Source = Application Popup | ID = 875
Description = Le chargement du pilote sfdrv01.sys a été bloqué.

Error - 19/07/2009 4:59:13 PM | Computer Name = Ordidecametaxel | Source = HTTP | ID = 15016
Description =

Error - 19/07/2009 4:59:24 PM | Computer Name = Ordidecametaxel | Source = Service Control Manager | ID = 7026
Description =


< End of report >


I know there is some confidential things here so I hope I can trust you, but I'm sure I can... Thanks again for helping me...
Choko_late
Active Member
 
Posts: 8
Joined: July 7th, 2009, 2:43 pm

Re: Iexplorer or firefox, even Opera, every of them eat my CPU

Unread postby Jack&Jill » July 20th, 2009, 11:31 pm

Hello Choko_late :) ,

Is this your personal computer? Or do you use it for business means?

Are you aware of these folders and using them?
Code: Select all
C:\la_maison_aux_lilas_de_lanse
C:\Users\cam et Axel\Desktop\La Maison aux Lilas de l'Anse
C:\Users\cam et Axel\Documents\Mes fichiers reçus

Remove bad program
  • Go to Control Panel > Add/Remove Programs.
  • Please uninstall the following bad program (if present):

    Ask Toolbar

  • Read and proceed carefully when uninstalling so that you will not be tricked into keeping it.

Please download ERUNT© by Lars Hederer from one of the links below and save it to your desktop.

Link 1
Link 2
Link 3

Backup your registry with ERUNT
  • Double click on erunt-setup.exe and run the installation setup.
  • Follow the setup instructions until you reach Select Additional Tasks, uncheck (untick) Create NTREGOPT desktop icon.
  • Continue until you get prompted to run ERUNT at startup. Choose No.
  • Next, make sure Launch ERUNT is checked (ticked) and click Finish.
  • Click OK when ERUNT is launched, and accept all default setting. ERUNT will then backup the registry.

Fix with OTL
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here.
  • Double click on OTL.exe to run it.
  • Copy and paste the following text into the white box below Custom Scans/Fixes:
    Code: Select all
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{19A2E73C-3A21-4C32-9121-294CD2652138}C:\program files\soulseekns\slsk.exe" =-
    "TCP Query User{5EDF479A-1E46-464F-9F12-F928862B5A46}C:\program files\soulseekns\slsk.exe" =-
    "TCP Query User{9B6B1BF6-5150-46D9-9C5B-6ADCF8EA1F0D}C:\program files\utorrent\utorrent.exe" =-
    "TCP Query User{B6A4F749-27C5-4B47-8EB0-EABACDBC2766}C:\program files\soulseek\slsk.exe" =-
    "TCP Query User{D3E4473A-D58B-479F-9A36-1D52DBD9C9EC}C:\program files\soulseek\slsk.exe" =-
    "UDP Query User{8C89D9F7-92A3-4822-9D61-807D43D60330}C:\program files\soulseekns\slsk.exe" =-
    "UDP Query User{D0B76765-1959-4C49-8131-27BD08DE279A}C:\program files\soulseek\slsk.exe" =-
    "UDP Query User{DDA92237-5BF9-491C-8D00-88C584E26563}C:\program files\soulseekns\slsk.exe" =-
    "UDP Query User{DFB29A67-5F83-4F72-B61E-DFAD29883BE3}C:\program files\utorrent\utorrent.exe" =-
    "UDP Query User{F8CC7AFD-1D4F-4581-BA19-0E985D83BC04}C:\program files\soulseek\slsk.exe" =-
    
    :otl
    SRV - [2008/05/28 20:12:12 | 00,069,120 | ---- | M] (BOONTY) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games [Disabled | Stopped])
    O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O33 - MountPoints2\{b51ac4f0-803f-11dd-b4e0-001b381c4689}\Shell - "" = AutoRun
    [2009/07/16 19:58:20 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\Shareaza
    [2009/05/31 23:14:57 | 00,000,000 | ---D | M] -- C:\Users\cam et Axel\AppData\Roaming\uTorrent
    [2009/07/18 17:39:31 | 00,053,760 | ---- | M] () -- C:\Users\cam et Axel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
  • Click Run Fix.
  • Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
    Remember to enable your real time protection back.

I need you to upload a suspicious file to Jotti for an online scan. Click here.
  • Click the white box beside the Browse box.
  • Copy and paste the following file and its path to upload:
    Code: Select all
    C:\Windows\System32\auth.dll
  • Press Submit. The file will be submitted for testing.
  • Please wait for all the scanners to finish, then copy and paste the result into Notepad and save it to a convenient place.
  • Post the results in your next response.

Alternatively, if Jotti is busy or inaccessible, you may try VirusTotal or VirScan with similar steps.

A result from either one of the above scanners would be sufficient.

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have problem running the scan, you might want to disable any real time protection that you have.
  • Click here to go to ESET Online Scanner page.
  • Click on ESET Online Scanner. A new window will open.
    For FireFox user, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
  • You will be prompted to install an ActiveX Control from ESET. Please install.
  • At the Computer scan settings section, uncheck (untick) Remove found threats and then check Scan archives.
  • Now, click on Advanced settings and make sure all these are checked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click on Scan to proceed.
  • Click Finish and close the window.
  • Navigate to C:\Program Files\ESET\ESET Online Scanner using Windows Explorer and look for log.txt.
  • Post the contents of log.txt in your reply.

Please post back:
1. the answers to the questions I asked about your computer and the folders
2. OTL fix log
3. Jotti results
4. ESET online scan report
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Iexplorer or firefox, even Opera, every of them eat my CPU

Unread postby Choko_late » July 22nd, 2009, 10:42 pm

Here is the erunt log:
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{19A2E73C-3A21-4C32-9121-294CD2652138}C:\program files\soulseekns\slsk.exe" not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5EDF479A-1E46-464F-9F12-F928862B5A46}C:\program files\soulseekns\slsk.exe" not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9B6B1BF6-5150-46D9-9C5B-6ADCF8EA1F0D}C:\program files\utorrent\utorrent.exe" not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B6A4F749-27C5-4B47-8EB0-EABACDBC2766}C:\program files\soulseek\slsk.exe" not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D3E4473A-D58B-479F-9A36-1D52DBD9C9EC}C:\program files\soulseek\slsk.exe" not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8C89D9F7-92A3-4822-9D61-807D43D60330}C:\program files\soulseekns\slsk.exe" not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D0B76765-1959-4C49-8131-27BD08DE279A}C:\program files\soulseek\slsk.exe" not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DDA92237-5BF9-491C-8D00-88C584E26563}C:\program files\soulseekns\slsk.exe" not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DFB29A67-5F83-4F72-B61E-DFAD29883BE3}C:\program files\utorrent\utorrent.exe" not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F8CC7AFD-1D4F-4581-BA19-0E985D83BC04}C:\program files\soulseek\slsk.exe" not found.
========== OTL ==========

Service\Driver Boonty Games deleted successfully.
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\ not found.
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL unregistered successfully.
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}\ not found.
File C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b51ac4f0-803f-11dd-b4e0-001b381c4689}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b51ac4f0-803f-11dd-b4e0-001b381c4689}\ not found.
C:\Users\cam et Axel\AppData\Roaming\Shareaza moved successfully.
C:\Users\cam et Axel\AppData\Roaming\uTorrent moved successfully.
C:\Users\cam et Axel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.

OTL by OldTimer - Version 3.0.10.0 log created on 07222009_223123




But I don't have such a goo connexion for the online scan of the entire computer.. I made the ananlyse of the file auth.dll, and 0 out of 21 scanners reported malware.
File size: 23040 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: 87691e8367638e518ef5b048336c1788
SHA1: 2fee6ae82cc575a6e6708f86b5e2a31e69d39d2e
Packer (Avast): UPX
Packer (Drweb): UPX
Packer (Kaspersky): UPX


etc...
I will do the online scan saturday, not before (I just can't...), but thanks, for everything!
Choko_late
Active Member
 
Posts: 8
Joined: July 7th, 2009, 2:43 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: pgmigg and 44 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware