Problem: DRIVER_IRQL_NOT_LESS_OR_EQUAL Windows 7

Tags:
  • Security
13 April 2011 11:12:05

My Sony Vaio PC, which runs Windows, shows a big blue screen at every normal startup.
I am sending you this message from safe mode with networking. However, sometimes it gives me this blue screen even in safe mode.

I can't understand what it is. Could you help me?
Thank you so much!


13 April 2011 11:41:03

Hi,
Give us the exact message from the blue screen so we can help you.

18 April 2011 11:15:34

it also shows: iastos.sys

but I can't manage to get the screenshot
sometimes it also gives me bad_pool_caller or system_service_exception
18 April 2011 15:12:44

Hello,

Did it happen after an update, a program installation, a new device?

To check that it isn't a bootkit that is going around at the moment:

(to be done in safe mode with networking if possible; otherwise copy the unzipped file over from a clean PC and run it in safe mode on the blocked PC)

Download TDSSKiller from Kaspersky to your desktop.

  • Unzip it by right-clicking on it -> extract all... (click "Next", "Next" and "Finish".)
  • Double-click "TDSSKiller.exe" to launch the tool.
    (Vista/Windows 7 users: right-click TDSSKiller.exe and select "Run as administrator".)

  • Then click the "Start Scan" button.
  • Let the scan run.

  • In the results window:
  • If TDSS.tdl2 is detected, the delete option will be checked by default.
  • If TDSS.tdl3 is detected, make sure Cure is checked.
  • For the "Suspicious object" part, leave it on "Skip".
  • If TDSS.tdl4 (mbr) is detected, make sure Cure is checked.
  • Finally, click "Continue".

  • You will probably be asked to restart your PC; do so by clicking "Reboot now".

  • After the restart, fetch the removal report; it is located here:
    C:\ TDSSKiller.x.x.x.x_date_heure_log.txt

    Post its contents in your next reply.
18 April 2011 15:33:28

Here is the report as a txt file, because I couldn't open it on my PC.
I hosted it on zshare because partage-facile doesn't work for me.

Here is the link:

http://www.zshare.net/download/89136804dcc8045b/

I think my PC is badly infected and we need to act fast.

Thank you for your help

Regards,

Paulochon

18 April 2011 15:37:08

I don't know how it happened. I was listening to music and the PC shut down abruptly. It was when it restarted that this blue screen appeared.
18 April 2011 16:04:09

Re,

Calm down and breathe :D
"Fast" doesn't mean anything; "properly" is better.

That was the problem, and things should be better now:
Quote:
    2011/04/18 15:14:48.0883 2156 Detected object count: 1
    2011/04/18 15:15:19.0694 2156 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/04/18 15:15:19.0694 2156 \HardDisk0 - ok
    2011/04/18 15:15:19.0695 2156 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/04/18 15:15:22.0862 3036 Deinitialize success


Try starting normally again now. It should work.

Then do this:

Download OTL (by Old Timer) to your desktop.
  • Close all your windows, then double-click OTL.exe to launch it.
    (Vista/Windows 7 users: right-click -> "Run as administrator")
  • At the top, check the box next to "All Users".
  • Under Custom Scans/Fixes, copy and paste all of the text below, and leave the other options at their defaults.
    netsvcs
    msconfig
    drivers32
    activex
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Click the Scan button at the top left, then wait a few moments.
  • At the end of the scan, two reports will open: OTL.Txt and Extras.Txt. Copy and paste both reports here in full.
    PS: The reports are also saved on the desktop.

For the reports, please use this online report service: upload the file via "Browse" and simply post the link you get.
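
The TDSSKiller excerpt quoted in the reply above can be read mechanically. The following is an added example, not part of the thread and not Kaspersky's code: it pairs each detection with the action the user selected and flags anything that still needs attention. The line layout (timestamp, thread id, message) is an assumption inferred only from the five quoted lines, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Sample input: the five log lines quoted in the reply above, embedded as-is.
SAMPLE_LOG = r"""2011/04/18 15:14:48.0883 2156 Detected object count: 1
2011/04/18 15:15:19.0694 2156 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/18 15:15:19.0694 2156 \HardDisk0 - ok
2011/04/18 15:15:19.0695 2156 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/18 15:15:22.0862 3036 Deinitialize success
"""

# Assumed layout: "<date> <time.fraction> <thread id> <message>".
LINE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
# "<verdict>(<target>) - User select action: <action>"
ACTION = re.compile(r"^(\S+)\((.+)\) - User select action: (\w+)$")
# "<target> (<verdict>) - <status>"
VERDICT = re.compile(r"^(\S.*?) \((\S+)\) - (.+)$")


@dataclass
class Finding:
    target: str
    verdict: str
    status: str = ""   # e.g. "will be cured after reboot"
    action: str = ""   # e.g. "Cure", "Skip"; empty if no action line was seen


@dataclass
class Report:
    declared_count: int = -1                       # -1: no count line in the log
    findings: dict = field(default_factory=dict)   # keyed by (verdict, target)


def parse_log(text):
    """Collect the declared detection count and one Finding per (verdict, target)."""
    report = Report()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore blank or unrecognised lines
        msg = m.group(3)
        count = COUNT.match(msg)
        action = ACTION.match(msg)
        verdict = VERDICT.match(msg)
        if count:
            report.declared_count = int(count.group(1))
        elif action:
            name, target, chosen = action.groups()
            f = report.findings.setdefault((name, target), Finding(target, name))
            f.action = chosen
        elif verdict:
            target, name, status = verdict.groups()
            f = report.findings.setdefault((name, target), Finding(target, name))
            f.status = status
    return report


def triage(report):
    """Return human-readable notes for anything that still needs follow-up."""
    notes = []
    if report.declared_count != len(report.findings):
        notes.append(
            f"count mismatch: log declares {report.declared_count}, "
            f"parsed {len(report.findings)} detection(s)"
        )
    for f in report.findings.values():
        if not f.action:
            notes.append(f"{f.verdict} on {f.target}: no user action recorded")
        elif f.action != "Cure":
            notes.append(f"{f.verdict} on {f.target}: action was {f.action}, not Cure")
        if "after reboot" in f.status:
            notes.append(
                f"{f.verdict} on {f.target}: cure takes effect only after reboot; "
                "rescan once rebooted"
            )
    return notes


if __name__ == "__main__":
    for note in triage(parse_log(SAMPLE_LOG)):
        print(note)
```
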
18 April 2011 16:31:07

    OTL logfile created on: 18/04/2011 16:13:42 - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\paulo\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
    8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288,62 Gb Total Space | 15,94 Gb Free Space | 5,52% Space Free | Partition Type: NTFS

    Computer Name: PAULO-VAIO | User Name: paulo | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/18 16:12:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\paulo\Downloads\OTL(2).exe
    PRC - [2011/04/11 23:48:39 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2011/02/23 16:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/10/22 17:47:26 | 000,524,288 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    PRC - [2010/06/11 10:43:12 | 001,959,768 | ---- | M] (Secure Digital Services Limited) -- C:\Program Files (x86)\OfferBox\OfferBox.exe
    PRC - [2009/09/08 04:36:16 | 000,026,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
    PRC - [2009/07/27 16:58:36 | 000,099,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
    PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/05/26 09:23:14 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/18 16:12:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\paulo\Downloads\OTL(2).exe
    MOD - [2011/02/23 16:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/02/23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/08/12 23:11:54 | 000,522,240 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
    SRV:64bit: - [2009/07/27 22:27:07 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/24 06:34:31 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
    SRV:64bit: - [2009/07/16 09:36:56 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
    SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/06/26 14:56:10 | 000,357,672 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
    SRV:64bit: - [2009/06/26 14:35:04 | 000,468,264 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV:64bit: - [2009/06/17 18:50:30 | 000,110,888 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
    SRV - [2010/10/22 17:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/03/16 19:02:32 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/07/27 16:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
    SRV - [2009/07/27 16:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
    SRV - [2009/07/27 16:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
    SRV - [2009/07/27 16:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
    SRV - [2009/07/27 16:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
    SRV - [2009/07/23 10:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
    SRV - [2009/07/23 10:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
    SRV - [2009/07/23 10:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
    SRV - [2009/07/22 15:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
    SRV - [2009/07/01 11:49:34 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2009/06/26 11:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
    SRV - [2009/06/26 11:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
    SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/05/06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
    SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
    SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/02/23 15:55:05 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009/08/05 03:22:40 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV:64bit: - [2009/08/05 03:20:51 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/08/03 22:06:34 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2009/07/31 22:29:11 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/07/31 22:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
    DRV:64bit: - [2009/07/31 22:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
    DRV:64bit: - [2009/07/31 22:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/07/30 22:41:17 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2009/07/30 22:41:16 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2009/07/30 22:41:16 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2009/07/30 22:40:45 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2009/07/27 22:27:10 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/24 07:24:03 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 02:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) Protocole RMCAST (multidiffusion fiable)
    DRV:64bit: - [2009/07/14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/06/11 22:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
    DRV:64bit: - [2009/06/10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Pilote de carte de liaison WiFi sans fil Intel(R)
    DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
    DRV:64bit: - [2009/05/20 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2006/12/13 18:52:42 | 000,024,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
    DRV - [2003/11/28 18:34:40 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\asapiW2k.sys -- (ASAPIW2K)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pucuy.com/
    IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files (x86)\Eazel-FR\tbEaz1.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Program Files (x86)\Media_Star\tbMed1.dll (Conduit Ltd.)



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



    IE - HKU\S-1-5-21-452738166-249740258-2306872342-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
    IE - HKU\S-1-5-21-452738166-249740258-2306872342-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT226905...
    IE - HKU\S-1-5-21-452738166-249740258-2306872342-1001\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll (Spigot, Inc.)
    IE - HKU\S-1-5-21-452738166-249740258-2306872342-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-452738166-249740258-2306872342-1001\..\URLSearchHook: {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files (x86)\Eazel-FR\tbEaz1.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-452738166-249740258-2306872342-1001\..\URLSearchHook: {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Program Files (x86)\Media_Star\tbMed1.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-452738166-249740258-2306872342-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-452738166-249740258-2306872342-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-452738166-249740258-2306872342-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaultthis.engineName: "Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT226905...{searchTerms}"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=..."
    FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.1
    FF - prefs.js..extensions.enabledItems: {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: offerboxffx@offerbox.com:2.1.2239.102
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
    FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
    FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.2
    FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT226905..."
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..keyword.URL: "http://fr.search.yahoo.com/search?fr=greentree_ff1&ei=u..."
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"


    FF - HKLM\software\mozilla\Firefox\Extensions\\SpiderMessengerHelper@spidermessenger.com: C:\Program Files (x86)\SpiderMessenger
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/11 23:48:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/11 23:48:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/11 23:48:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/11 23:48:43 | 000,000,000 | ---D | M]

    [2010/02/06 15:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paulo\AppData\Roaming\mozilla\Extensions
    [2010/02/06 15:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paulo\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2011/04/18 16:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paulo\AppData\Roaming\mozilla\Firefox\Profiles\425x5d7l.default\extensions
    [2009/12/24 15:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paulo\AppData\Roaming\mozilla\Firefox\Profiles\425x5d7l.default\extensions\{1c491116-c175-45e1-a570-6fb14fea8b7b}
    [2010/07/06 15:25:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\paulo\AppData\Roaming\mozilla\Firefox\Profiles\425x5d7l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/03/28 23:22:10 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\paulo\AppData\Roaming\mozilla\Firefox\Profiles\425x5d7l.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
    [2011/03/28 23:22:10 | 000,000,000 | ---D | M] (Eazel-FR Community Toolbar) -- C:\Users\paulo\AppData\Roaming\mozilla\Firefox\Profiles\425x5d7l.default\extensions\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}
    [2011/01/08 13:54:24 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\paulo\AppData\Roaming\mozilla\Firefox\Profiles\425x5d7l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2011/03/28 23:22:10 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\paulo\AppData\Roaming\mozilla\Firefox\Profiles\425x5d7l.default\extensions\engine@conduit.com
    [2010/12/14 17:16:58 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\paulo\AppData\Roaming\mozilla\Firefox\Profiles\425x5d7l.default\extensions\ffxtlbr@babylon.com
    [2011/01/08 13:54:52 | 000,000,873 | ---- | M] () -- C:\Users\paulo\AppData\Roaming\Mozilla\Firefox\Profiles\425x5d7l.default\searchplugins\conduit.xml
    [2010/06/18 00:43:01 | 000,002,556 | ---- | M] () -- C:\Users\paulo\AppData\Roaming\Mozilla\Firefox\Profiles\425x5d7l.default\searchplugins\fissa.xml
    [2010/02/17 04:48:51 | 000,001,201 | ---- | M] () -- C:\Users\paulo\AppData\Roaming\Mozilla\Firefox\Profiles\425x5d7l.default\searchplugins\winamp-search.xml
    [2011/03/28 23:22:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/11/20 07:59:57 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
    [2010/11/23 10:41:38 | 000,000,000 | ---D | M] (Dealio Toolbar) -- C:\PROGRAM FILES (X86)\DEALIO TOOLBAR\FF
    [2010/06/17 15:51:44 | 000,000,000 | ---D | M] (Your exclusive shopping assistant for the best online offers) -- C:\USERS\PAULO\APPDATA\ROAMING\OFFERBOX\OFFERBOXFFX@OFFERBOX.COM
    [2011/04/11 23:48:41 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
    [2010/12/14 17:16:55 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    [2011/04/11 23:48:41 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2011/04/11 23:48:41 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
    [2010/06/12 02:15:30 | 000,000,615 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\pucuy.xml
    [2011/04/11 23:48:41 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
    [2011/04/11 23:48:41 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml

    Hosts file not found
    O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
    O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
    O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
    O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O2 - BHO: (Eazel-FR Toolbar) - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files (x86)\Eazel-FR\tbEaz1.dll (Conduit Ltd.)
    O2 - BHO: (Media Star Toolbar) - {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Program Files (x86)\Media_Star\tbMed1.dll (Conduit Ltd.)
    O2 - BHO: (OfferBox) - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files (x86)\OfferBox\OfferBoxBHO.dll (Secure Digital Services Limited)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O3 - HKLM\..\Toolbar: (Eazel-FR Toolbar) - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files (x86)\Eazel-FR\tbEaz1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Media Star Toolbar) - {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Program Files (x86)\Media_Star\tbMed1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-452738166-249740258-2306872342-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-452738166-249740258-2306872342-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-452738166-249740258-2306872342-1001\..\Toolbar\WebBrowser: (Eazel-FR Toolbar) - {A8F9752D-E2B8-4E7A-86B5-499F4330E2FE} - C:\Program Files (x86)\Eazel-FR\tbEaz1.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-452738166-249740258-2306872342-1001\..\Toolbar\WebBrowser: (Media Star Toolbar) - {DFABC5B5-039B-4865-979A-DE31CDF3E351} - C:\Program Files (x86)\Media_Star\tbMed1.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-452738166-249740258-2306872342-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
    O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe (Babylon Ltd.)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKLM..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\S-1-5-21-452738166-249740258-2306872342-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
    O7 - HKU\S-1-5-21-452738166-249740258-2306872342-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-21-452738166-249740258-2306872342-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
    O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\paulo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\paulo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Envoyer à Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Envoyer au périphérique &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-wind... (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-wind... (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-wind... (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-wind... (Java Plug-in 1.6.0_14)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\glowext: DllName - C:\Windows\system32\config\systemprofile\AppData\Local\glowext.dll - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\glowext.dll ()
    O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/05/27 10:40:23 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    MsConfig:64bit - StartUpFolder: C:^Users^paulo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk - C:\Program Files (x86)\LimeWire\LimeWire.exe - (Lime Wire, LLC)
    MsConfig:64bit - State: "startup" - Reg Error: Key error.

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
    ActiveX:64bit: >{95C805CC-07CF-43B9-9D5E-D7282D12BB5A} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/18 10:23:43 | 000,505,176 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2011/04/18 10:23:43 | 000,238,968 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2011/04/18 10:11:57 | 000,000,000 | ---D | C] -- C:\Users\paulo\AppData\Local\PackageAware
    [2011/04/17 22:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\oLf06511nNeBe06511
    [2011/04/14 10:16:20 | 000,000,000 | ---D | C] -- C:\a53715c75638bdff7e6b7e7499d0
    [2011/04/14 09:57:49 | 000,000,000 | ---D | C] -- C:\d35edc416e6b8b3f089d87c6
    [2011/04/14 09:50:18 | 000,000,000 | ---D | C] -- C:\8f2510259ea093d3ff485641501212e6
    [2011/04/14 09:33:29 | 000,000,000 | ---D | C] -- C:\6602cda7390bce212e15cb1fb75160
    [2011/04/14 09:25:51 | 000,000,000 | ---D | C] -- C:\29d1a91b6d5a1040be28
    [2011/04/14 09:17:56 | 000,000,000 | ---D | C] -- C:\1720ef1a740478261f7f8a5ba6ab0524
    [2011/04/14 09:09:41 | 000,000,000 | ---D | C] -- C:\090a8d221b2c8e16311d
    [2011/04/14 09:01:34 | 000,000,000 | ---D | C] -- C:\054bf21c2218f2d7d07328f88186
    [2011/04/14 08:47:05 | 000,000,000 | ---D | C] -- C:\b84cd7b33c3cf0b67b
    [2011/04/14 08:39:43 | 000,000,000 | ---D | C] -- C:\c656df7d86d7228be84fb8f582b0a9
    [2011/04/14 08:32:14 | 000,000,000 | ---D | C] -- C:\b7025e2b3669f90ff2ecd915ca0b5f99
    [2011/04/14 08:20:12 | 000,000,000 | ---D | C] -- C:\4158788d9365a88fd1c0
    [2011/04/14 08:12:28 | 000,000,000 | ---D | C] -- C:\2e62f7cef69174f8a6ac40a18a6ed7
    [2011/04/14 08:04:54 | 000,000,000 | ---D | C] -- C:\920a49653c6035f46cce67
    [2011/04/14 07:57:21 | 000,000,000 | ---D | C] -- C:\ecd7a6dbcfcbc472001077cdb1
    [2011/04/14 07:42:51 | 000,000,000 | ---D | C] -- C:\1c94d4a5e8047ddb3ea8befec8
    [2011/04/14 07:35:14 | 000,000,000 | ---D | C] -- C:\320e3691b265d3386a8a37
    [2011/04/14 07:27:03 | 000,000,000 | ---D | C] -- C:\2c718b92fc1b0498dcb7d8bca5
    [2011/04/14 07:18:47 | 000,000,000 | ---D | C] -- C:\3574c2f2fbb9614adedc0b5e2fa2
    [2011/04/14 07:11:07 | 000,000,000 | ---D | C] -- C:\2ae3b5c0edf2fe67d2c3a8
    [2011/04/14 07:03:21 | 000,000,000 | ---D | C] -- C:\c2aa3dc8fabd8d2666cf69
    [2011/04/14 06:55:17 | 000,000,000 | ---D | C] -- C:\b3711d1823e54ed1297fba56
    [2011/04/14 06:32:30 | 000,000,000 | ---D | C] -- C:\212c7c878e4cdb99c5f4
    [2011/04/14 06:15:56 | 000,000,000 | ---D | C] -- C:\54c95cb873c476bbe3b0b5828e
    [2011/04/14 06:08:14 | 000,000,000 | ---D | C] -- C:\d130acf3e2088e4b4d84
    [2011/04/14 06:00:06 | 000,000,000 | ---D | C] -- C:\df8e99339fcdbe73a682b09826217587
    [2011/04/14 05:52:38 | 000,000,000 | ---D | C] -- C:\477b6763a6916f107ad48c91ee06d1ea
    [2011/04/14 05:44:54 | 000,000,000 | ---D | C] -- C:\2641d68bab6d06f2117a94b7bcbacb
    [2011/04/14 05:37:35 | 000,000,000 | ---D | C] -- C:\9ada0f2731688bebd85a6a
    [2011/04/14 05:29:58 | 000,000,000 | ---D | C] -- C:\f443e3fd5254e72a68c24fa6e2
    [2011/04/14 05:22:27 | 000,000,000 | ---D | C] -- C:\cd1971c61a349ee44a7c1552c914
    [2011/04/14 05:14:42 | 000,000,000 | ---D | C] -- C:\a9f12aaaa3c103848d04
    [2011/04/14 05:07:06 | 000,000,000 | ---D | C] -- C:\33d47badebc5fb1f86f46ae0
    [2011/04/14 04:59:26 | 000,000,000 | ---D | C] -- C:\4ef06c2b33ee1895efc1a2e6289fed
    [2011/04/14 04:51:54 | 000,000,000 | ---D | C] -- C:\672a6189913d3dbfabc190d54e08458a
    [2011/04/14 04:39:42 | 000,000,000 | ---D | C] -- C:\0f941683f3acc000e136dabdf83f50ff
    [2011/04/14 04:18:55 | 000,000,000 | ---D | C] -- C:\5ed5dc7515aaf5760f9d31a0282692
    [2011/04/14 04:03:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/04/14 04:02:23 | 000,000,000 | ---D | C] -- C:\b145f8b0e8c91f4e0b39
    [2011/04/13 10:55:28 | 000,000,000 | ---D | C] -- C:\NVIDIA
    [2011/04/12 22:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Team001 (Mike Weir)
    [2011/04/12 22:17:32 | 000,000,000 | ---D | C] -- C:\Users\paulo\Documents\001
    [2011/04/12 22:17:28 | 000,000,000 | ---D | C] -- C:\Users\paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\001
    [2011/04/12 22:17:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\001
    [2011/03/31 15:15:40 | 000,000,000 | ---D | C] -- C:\Users\paulo\Desktop\mag
    [2011/03/31 12:20:15 | 000,000,000 | ---D | C] -- C:\Users\paulo\Documents\sujet photo
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/04/18 16:20:00 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/18 16:16:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/04/18 16:16:43 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/04/18 16:15:15 | 000,730,896 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
    [2011/04/18 16:15:15 | 000,622,518 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/04/18 16:15:15 | 000,139,162 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
    [2011/04/18 16:15:15 | 000,113,716 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/04/18 16:15:15 | 000,004,784 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/04/18 16:08:36 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/18 16:07:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/04/18 16:07:21 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys
    [2011/04/18 10:23:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2011/04/13 16:52:50 | 000,019,724 | ---- | M] () -- C:\Users\paulo\AppData\Roaming\wklnhst.dat
    [2011/04/13 16:52:50 | 000,009,728 | ---- | M] () -- C:\Users\paulo\Documents\papier voix du nord.wps
    [2011/04/12 22:17:28 | 000,001,191 | ---- | M] () -- C:\Users\paulo\Desktop\New 123.lnk
    [2011/04/08 14:38:29 | 000,031,744 | ---- | M] () -- C:\Windows\SysWow64\mmwrshrp.dll
    [2011/03/31 01:49:04 | 005,602,967 | ---- | M] () -- C:\Users\paulo\Documents\inter 3 mc kinny.psd
    [2011/03/31 00:18:06 | 005,942,685 | ---- | M] () -- C:\Users\paulo\Documents\inter 4 mc kinny.psd
    [2011/03/30 19:39:14 | 009,899,100 | ---- | M] () -- C:\Users\paulo\Documents\inter mc kinny.psd
    [2011/03/30 15:56:56 | 007,049,766 | ---- | M] () -- C:\Users\paulo\Documents\trez graff.psd
    [2011/03/30 14:37:46 | 016,284,034 | ---- | M] () -- C:\Users\paulo\Documents\inja reportage.psd
    [2011/03/29 17:27:42 | 013,553,779 | ---- | M] () -- C:\Users\paulo\Documents\nakronik.psd
    [2011/03/29 17:27:38 | 005,027,926 | ---- | M] () -- C:\Users\paulo\Documents\inja.psd
    [2011/03/29 16:24:20 | 003,004,195 | ---- | M] () -- C:\Users\paulo\Documents\billet d'humeur.psd
    [2011/03/29 15:46:52 | 007,960,005 | ---- | M] () -- C:\Users\paulo\Documents\playlist mc kinny.psd
    [2011/03/28 17:53:01 | 002,317,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/04/13 16:52:50 | 000,009,728 | ---- | C] () -- C:\Users\paulo\Documents\papier voix du nord.wps
    [2011/04/12 22:17:28 | 000,001,191 | ---- | C] () -- C:\Users\paulo\Desktop\New 123.lnk
    [2011/04/08 14:38:28 | 000,031,744 | ---- | C] () -- C:\Windows\SysWow64\mmwrshrp.dll
    [2011/03/30 15:57:58 | 016,284,034 | ---- | C] () -- C:\Users\paulo\Documents\inja reportage.psd
    [2011/03/30 15:57:45 | 007,049,766 | ---- | C] () -- C:\Users\paulo\Documents\trez graff.psd
    [2011/03/30 12:34:39 | 013,553,779 | ---- | C] () -- C:\Users\paulo\Documents\nakronik.psd
    [2011/03/30 12:34:34 | 007,960,005 | ---- | C] () -- C:\Users\paulo\Documents\playlist mc kinny.psd
    [2011/03/30 12:34:31 | 005,942,685 | ---- | C] () -- C:\Users\paulo\Documents\inter 4 mc kinny.psd
    [2011/03/30 12:34:28 | 005,602,967 | ---- | C] () -- C:\Users\paulo\Documents\inter 3 mc kinny.psd
    [2011/03/30 12:34:24 | 009,899,100 | ---- | C] () -- C:\Users\paulo\Documents\inter mc kinny.psd
    [2011/03/30 12:34:21 | 005,027,926 | ---- | C] () -- C:\Users\paulo\Documents\inja.psd
    [2011/03/30 12:34:20 | 003,004,195 | ---- | C] () -- C:\Users\paulo\Documents\billet d'humeur.psd
    [2011/01/04 22:51:00 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2010/06/28 17:03:44 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
    [2010/06/15 13:39:59 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2010/05/07 13:50:42 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
    [2010/01/05 00:52:47 | 000,019,724 | ---- | C] () -- C:\Users\paulo\AppData\Roaming\wklnhst.dat
    [2009/09/08 04:43:47 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
    [2009/09/08 04:16:09 | 000,002,835 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat
    [2009/08/17 22:11:54 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2009/08/17 22:11:53 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
    [2009/08/17 22:11:53 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2009/08/17 22:11:52 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2009/08/17 14:26:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/14 01:16:42 | 000,056,880 | ---- | C] () -- C:\Windows\SysWow64\scvideo.dll
    [2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >

    < %ALLUSERSPROFILE%\Application Data\*. >

    < %ALLUSERSPROFILE%\Application Data\*.exe /s >

    < %APPDATA%\*. >
    [2010/09/30 03:28:00 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\2C97E462A713F784B5994DA2600E4E0B
    [2009/12/25 19:25:03 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\ACAMPREF
    [2011/03/31 19:38:23 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\Adobe
    [2009/12/21 15:19:34 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\Apple Computer
    [2010/02/12 16:07:50 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\ArcSoft
    [2009/12/05 15:42:38 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\ATI
    [2011/03/28 11:16:19 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\Audacity
    [2010/06/28 16:49:16 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\AVS4YOU
    [2010/05/26 15:01:17 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\Azureus
    [2010/12/16 04:22:19 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\Babylon
    [2011/03/17 20:07:31 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\BitTorrent
    [2010/12/27 01:41:16 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\dvdcss
    [2011/01/08 13:54:24 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\DVDVideoSoftIEHelpers
    [2010/05/06 23:56:34 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\ESTsoft
    [2010/06/17 15:52:02 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\FissaSearch
    [2010/06/17 17:22:32 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\freeTVRadio
    [2009/12/05 15:44:49 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\Google
    [2010/01/23 19:20:01 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\Hardcore
    [2009/12/05 14:42:09 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\Identities
    [2010/02/16 19:14:48 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\invibes
    [2010/01/23 19:21:21 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\Juce VST Host
    [2010/12/22 18:30:36 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\LimeWire
    [2009/12/05 15:50:21 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\Macromedia
    [2010/05/07 13:56:13 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\MAGIX
    [2010/05/26 15:08:14 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\Malwarebytes
    [2009/07/14 17:35:05 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\Media Center Programs
    [2010/09/30 03:33:07 | 000,000,000 | --SD | M] -- C:\Users\paulo\AppData\Roaming\Microsoft
    [2009/12/06 13:30:41 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\Mozilla
    [2011/04/17 15:22:56 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\OfferBox
    [2010/10/01 11:38:53 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\Roxio Log Files
    [2010/01/23 19:21:31 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\Sawer
    [2011/01/07 12:18:19 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\Skype
    [2011/01/07 12:18:18 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\skypePM
    [2010/03/02 10:16:49 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\Sony Corporation
    [2010/12/16 01:13:45 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\SynthMaker
    [2010/01/05 00:52:50 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\Template
    [2010/10/25 16:51:40 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\TorrentBitch
    [2011/04/11 21:49:31 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\vlc

    < %APPDATA%\*.exe /s >
    [2010/10/27 16:54:31 | 010,030,360 | ---- | M] (ESTsoft Corp.) -- C:\Users\paulo\AppData\Roaming\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip812.exe
    [2010/06/03 13:41:06 | 000,006,656 | ---- | M] (Aedgency) -- C:\Users\paulo\AppData\Roaming\FissaSearch\FissaUninstaller.exe
    [2010/02/06 15:37:08 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Users\paulo\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.exe
    [2010/02/06 15:37:10 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Users\paulo\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
    [2010/02/06 15:37:10 | 000,014,848 | ---- | M] () -- C:\Users\paulo\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
    [2010/02/06 15:37:10 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Users\paulo\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
    [2010/02/06 15:37:10 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Users\paulo\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
    [2010/02/06 15:37:10 | 000,018,432 | ---- | M] () -- C:\Users\paulo\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
    [2010/02/06 15:37:10 | 000,014,336 | ---- | M] () -- C:\Users\paulo\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
    [2010/02/06 15:37:11 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Users\paulo\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
    [2010/02/06 15:37:11 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Users\paulo\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < End of report >
    18 April 2011 16:58:10

    Re,

    It would have been good to send the report as requested via the cijoint service ...

    The second report is missing, and that is explained by the fact that OTL had already been run on this PC ...
    If you ran it twice in a row just now, post me the extra.txt report, which should still be on your desktop.
    If it was a while ago, it doesn't matter.

    As far as infection goes it's OK, but:

    Quote:
    PRC - [2010/10/22 17:47:26 | 000,524,288 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    PRC - [2010/06/11 10:43:12 | 001,959,768 | ---- | M] (Secure Digital Services Limited) -- C:\Program Files (x86)\OfferBox\OfferBox.exe


    Adware (advertising software) galore, you should be careful when you install programs ...

    Avast! not up to date (version 6 is available), Java not up to date, UAC disabled (read this)

    Next steps:

    1) Programs to uninstall (if present):
    - Search Settings
    - OfferBox
    - DVDVideoSoftTB Community Toolbar
    - FissaSearch
    - Dealio Toolbar
    - Eazel-FR Community Toolbar
    - Media_Star toolbar
    - Conduit Engine
    - Widgi Toolbar Platform
    - Your exclusive shopping assistant for the best online offers
    - Sony Marketing Tools


    2) Download Ad-R (by C_XX) to your Desktop.

    /!\ Disable your resident protections: antivirus, antispyware; disconnect and close all running applications /!\

  • Install the program (with the default settings).
  • The program starts automatically at the end of the installation; otherwise, start it via the Ad-R shortcut on your Desktop.
    (Vista/Windows 7 users: right-click the Ad-R shortcut -> Run as administrator)
  • Accept the warning, then, in the main window, choose the "Scanner" option and confirm with "Oui"
  • At the end, press a key and a report will appear (otherwise, it is located here: C:\Ad-report-SCAN[X].txt). Post it in your next reply

    /!\ Don't forget to re-enable your resident protections /!\
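The reading of the OTL report in the post above (picking out the Spigot and OfferBox processes) can be reproduced with a short script. This is an added example, not part of the original post and not OTL's own code; the regular expression, function names and watchlist are assumptions for illustration, and the sample lines are copied from the report in this thread.

```python
import re
from datetime import datetime

# One OTL entry: optional section tag, "[date | size | attrs | M]",
# optional "(company)", then "-- path". Layout inferred from the log above.
OTL_ENTRY = re.compile(
    r"^(?:(?P<section>[A-Z0-9]{2,4}) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [A-Z]\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)

# Names taken from the helper's post (hypothetical watchlist for this example).
WATCHLIST = ("Spigot", "OfferBox", "FissaSearch")

def parse_entry(line):
    """Return a dict for one OTL entry, or None for headers and blank lines."""
    m = OTL_ENTRY.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%Y/%m/%d %H:%M:%S")
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["is_dir"] = "D" in entry["attrs"]
    return entry

def flag_entries(lines, watchlist=WATCHLIST):
    """Return (path, matched name) for files whose company or path hits the list."""
    hits = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None or entry["is_dir"]:
            continue
        haystack = f'{entry["company"] or ""} {entry["path"]}'.lower()
        match = next((n for n in watchlist if n.lower() in haystack), None)
        if match:
            hits.append((entry["path"], match))
    return hits

# Lines copied from the report posted in this thread.
SAMPLE = [
    r"PRC - [2010/10/22 17:47:26 | 000,524,288 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe",
    r"PRC - [2010/06/11 10:43:12 | 001,959,768 | ---- | M] (Secure Digital Services Limited) -- C:\Program Files (x86)\OfferBox\OfferBox.exe",
    r"[2010/06/03 13:41:06 | 000,006,656 | ---- | M] (Aedgency) -- C:\Users\paulo\AppData\Roaming\FissaSearch\FissaUninstaller.exe",
    r"[2010/02/06 15:37:11 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Users\paulo\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe",
    r"[2011/04/11 21:49:31 | 000,000,000 | ---D | M] -- C:\Users\paulo\AppData\Roaming\vlc",
    "< End of report >",
]
```

A watchlist match only marks an entry for review; the uninstall and Ad-R steps in the thread remain the actual cleanup.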
    18 April 2011 17:05:59

    Re,

    Never mind ...

    and besides, the report is not at all recent anyway:
    Quote:
    OTL Extras logfile created on: 24/05/2010 16:48:19 - Run 1


    So, just do what is asked in my previous message.
    18 April 2011 17:25:18

    Having UAC disabled is a very big mistake according to the page you pointed me to, but how do you enable it? And how do you update Avast and Java? Sorry, I'm not at all knowledgeable!
    18 April 2011 19:08:45

    Re,

    We'll take care of UAC and the updates at the end.

    Next:

    Run Ad-R again:

    /!\ Disable your resident protections: antivirus, antispyware ... Disconnect and close all running applications (in particular your browser) /!\

  • Start it via the Ad-R shortcut on your Desktop.
    (Vista/Windows 7 users: right-click the Ad-R shortcut -> Run as administrator)
  • Accept the warning, then, in the main window, choose the "Nettoyer" option and confirm with "Oui"
  • At the end, press a key and a report will appear (otherwise, it is located here: C:\Ad-report-CLEAN[X].txt). Post it in your next reply

    /!\ Don't forget to re-enable your resident protections /!\


    PS: Process is detected by some antivirus products (Antivir, DrWeb, Kaspersky) as being a malicious program; this is not the case. If you get an alert about this file, do not prevent process from running.
    http://www.beyondlogic.org/consulting/processutil/proce...
    30 May 2011 22:13:28

    Good evening, I have exactly the same problem, I'm going to try tomorrow evening with tdsskiller, it would be cool if you could help me :wahoo: 
    31 May 2011 10:36:28

    Hello,

    Please create your own topic in that case.
