Unwanted ad pages

Tags:
  • Security
Last reply: in Security and viruses
Anonymous
24 May 2009 12:56:09

I'm using Explorer 8, and for some time now I have had ad pages opening, not as pop-ups or in a new tab but in a separate window.
Note that in the taskbar this window does not have the Internet Explorer logo, but a multicoloured logo instead.
I ran a scan with my antivirus (NOD32) but it found nothing... what should I do?

24 May 2009 13:54:44

A hello, perhaps?

Download Random's System Information Tool (RSIT) (by random/random) and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (which will be displayed)
    as well as info.txt (which will be minimised in the taskbar).
  • Note: the reports are saved in the C:\rsit folder.
  • Make sure you post the reports in full; check that they are complete once you have posted them.
    Anonymous
    24 May 2009 15:00:00

    Sorry, you're right, hello.

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by AlexNoteBook at 2009-05-24 14:55:06
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 11 GB (15%) free of 76 GB
    Total RAM: 2046 MB (40% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:55:56, on 24/05/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Users\AlexNoteBook\AppData\Local\amagwgo.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\AlexNoteBook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RG4CU41Q\RSIT[1].exe
    C:\Program Files\trend micro\AlexNoteBook.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Free Download Manager - RCS] C:\Program Files\Free Download Manager\fdmwi.exe -autorun
    O4 - HKCU\..\Run: [amagwgo] "c:\users\alexnotebook\appdata\local\amagwgo.exe" amagwgo
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Tosh... (file missing)
    O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpld...
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrob...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10749 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
    P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P_.dll [2007-12-10 1510424]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-29 668656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-29 470512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696]
    {2bae58c2-79f9-45d1-a286-81f911301c3a} - P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P_.dll [2007-12-10 1510424]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
    "KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2006-11-06 34352]
    "SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2006-03-22 438272]
    "HWSetup"=\HWSetup.exe hwSetUP []
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-03 4702208]
    "TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2007-03-29 411192]
    "HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]
    "SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-04-03 509496]
    "00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-05-22 538744]
    "NDSTray.exe"=NDSTray.exe []
    "Desktop SMS"=C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [2007-06-18 1507328]
    "topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
    "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-07-27 204800]
    "Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2007-02-19 571024]
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-02-12 174872]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-03-20 1451304]
    "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-01-30 1443072]
    "Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
    "TOSCDSPD"=TOSCDSPD.EXE []
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-15 39408]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]
    "Free Download Manager - RCS"=C:\Program Files\Free Download Manager\fdmwi.exe -autorun []
    "amagwgo"=c:\users\alexnotebook\appdata\local\amagwgo.exe [2009-05-20 279552]

    C:\Users\AlexNoteBook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Outil de détection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 months======

    2009-05-24 14:55:09 ----D---- C:\Program Files\trend micro
    2009-05-24 14:55:06 ----D---- C:\rsit
    2009-05-20 02:49:33 ----D---- C:\Program Files\Ares
    2009-05-15 16:44:39 ----D---- C:\ProgramData\Adobe
    2009-05-15 16:44:35 ----D---- C:\Program Files\Common Files\Adobe
    2009-05-15 16:39:28 ----D---- C:\ProgramData\NOS
    2009-05-15 16:39:27 ----D---- C:\Program Files\NOS
    2009-05-06 01:21:44 ----D---- C:\Program Files\P2P_Energy
    2009-04-29 15:08:00 ----A---- C:\Windows\system32\mshtmler.dll
    2009-04-29 15:08:00 ----A---- C:\Windows\system32\mshtmled.dll
    2009-04-29 15:08:00 ----A---- C:\Windows\system32\ieui.dll
    2009-04-29 15:08:00 ----A---- C:\Windows\system32\icardie.dll
    2009-04-29 15:08:00 ----A---- C:\Windows\system32\admparse.dll
    2009-04-29 15:07:59 ----A---- C:\Windows\system32\msls31.dll
    2009-04-29 15:07:59 ----A---- C:\Windows\system32\jsproxy.dll
    2009-04-29 15:07:59 ----A---- C:\Windows\system32\imgutil.dll
    2009-04-29 15:07:59 ----A---- C:\Windows\system32\iernonce.dll
    2009-04-29 15:07:59 ----A---- C:\Windows\system32\ieakeng.dll
    2009-04-29 15:07:59 ----A---- C:\Windows\system32\dxtmsft.dll
    2009-04-29 15:07:59 ----A---- C:\Windows\system32\corpol.dll
    2009-04-29 15:07:58 ----A---- C:\Windows\system32\occache.dll
    2009-04-29 15:07:58 ----A---- C:\Windows\system32\msfeedsbs.dll
    2009-04-29 15:07:58 ----A---- C:\Windows\system32\licmgr10.dll
    2009-04-29 15:07:58 ----A---- C:\Windows\system32\inseng.dll
    2009-04-29 15:07:58 ----A---- C:\Windows\system32\iepeers.dll
    2009-04-29 15:07:58 ----A---- C:\Windows\system32\ieaksie.dll
    2009-04-29 15:07:58 ----A---- C:\Windows\system32\dxtrans.dll
    2009-04-29 15:07:57 ----A---- C:\Windows\system32\WinFXDocObj.exe
    2009-04-29 15:07:57 ----A---- C:\Windows\system32\wextract.exe
    2009-04-29 15:07:57 ----A---- C:\Windows\system32\webcheck.dll
    2009-04-29 15:07:57 ----A---- C:\Windows\system32\mstime.dll
    2009-04-29 15:07:57 ----A---- C:\Windows\system32\msrating.dll
    2009-04-29 15:07:57 ----A---- C:\Windows\system32\msfeedssync.exe
    2009-04-29 15:07:57 ----A---- C:\Windows\system32\iesetup.dll
    2009-04-29 15:07:57 ----A---- C:\Windows\system32\ieakui.dll
    2009-04-29 15:07:56 ----A---- C:\Windows\system32\pngfilt.dll
    2009-04-29 15:07:56 ----A---- C:\Windows\system32\msfeeds.dll
    2009-04-29 15:07:56 ----A---- C:\Windows\system32\ieapfltr.dll
    2009-04-29 15:07:56 ----A---- C:\Windows\system32\advpack.dll
    2009-04-29 15:07:55 ----A---- C:\Windows\system32\vbscript.dll
    2009-04-29 15:07:55 ----A---- C:\Windows\system32\url.dll
    2009-04-29 15:07:55 ----A---- C:\Windows\system32\jscript.dll
    2009-04-29 15:07:55 ----A---- C:\Windows\system32\iedkcs32.dll
    2009-04-29 15:07:54 ----A---- C:\Windows\system32\mshta.exe
    2009-04-29 15:07:54 ----A---- C:\Windows\system32\iexpress.exe
    2009-04-29 15:07:53 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
    2009-04-29 15:07:53 ----A---- C:\Windows\system32\SetDepNx.exe
    2009-04-29 15:07:53 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
    2009-04-29 15:07:53 ----A---- C:\Windows\system32\PDMSetup.exe
    2009-04-29 15:07:53 ----A---- C:\Windows\system32\ieUnatt.exe
    2009-04-29 15:07:53 ----A---- C:\Windows\system32\iesysprep.dll
    2009-04-29 15:07:53 ----A---- C:\Windows\system32\iertutil.dll
    2009-04-29 15:07:53 ----A---- C:\Windows\system32\ie4uinit.exe
    2009-04-29 15:07:52 ----A---- C:\Windows\system32\wininet.dll
    2009-04-29 15:07:52 ----A---- C:\Windows\system32\urlmon.dll
    2009-04-29 15:07:51 ----A---- C:\Windows\system32\ieframe.dll
    2009-04-29 15:07:50 ----A---- C:\Windows\system32\mshtml.dll

    ======List of files/folders modified in the last 1 months======

    2009-05-24 14:55:31 ----D---- C:\Windows\Prefetch
    2009-05-24 14:55:23 ----D---- C:\Windows\Temp
    2009-05-24 14:55:09 ----RD---- C:\Program Files
    2009-05-24 08:09:40 ----D---- C:\Users\AlexNoteBook\AppData\Roaming\skypePM
    2009-05-23 16:46:29 ----SHD---- C:\System Volume Information
    2009-05-23 14:42:46 ----SHD---- C:\Windows\Installer
    2009-05-23 14:42:03 ----D---- C:\Windows\System32
    2009-05-23 10:40:50 ----D---- C:\Users\AlexNoteBook\AppData\Roaming\dvdcss
    2009-05-16 16:01:32 ----D---- C:\Users\AlexNoteBook\AppData\Roaming\Skype
    2009-05-15 17:04:21 ----SD---- C:\Windows\Downloaded Program Files
    2009-05-15 17:04:21 ----D---- C:\Windows\inf
    2009-05-15 17:04:20 ----D---- C:\Windows\system32\Macromed
    2009-05-15 16:44:39 ----HD---- C:\ProgramData
    2009-05-15 16:44:35 ----D---- C:\Program Files\Common Files
    2009-05-15 16:44:35 ----D---- C:\Program Files\Adobe
    2009-05-13 13:52:46 ----D---- C:\Windows\winsxs
    2009-05-13 13:43:03 ----D---- C:\Windows\system32\catroot
    2009-05-13 13:42:54 ----D---- C:\Program Files\Windows Mail
    2009-05-13 12:42:36 ----D---- C:\Windows\system32\catroot2
    2009-05-09 14:03:06 ----D---- C:\Windows\Tasks
    2009-05-08 13:25:27 ----D---- C:\Program Files\Internet Explorer
    2009-05-07 21:39:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-05-07 09:16:29 ----A---- C:\Windows\system32\mrt.exe
    2009-04-29 15:52:03 ----D---- C:\Windows\rescache
    2009-04-29 15:11:53 ----D---- C:\Windows\system32\fr-FR
    2009-04-29 15:11:44 ----D---- C:\Windows\system32\migration
    2009-04-29 15:11:44 ----D---- C:\Windows\system32\en-US
    2009-04-29 15:11:44 ----D---- C:\Windows\PolicyDefinitions
    2009-04-29 15:07:37 ----D---- C:\Windows
    2009-04-28 20:01:14 ----SD---- C:\Users\AlexNoteBook\AppData\Roaming\Microsoft
    2009-04-27 17:11:49 ----D---- C:\Windows\system32\drivers

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-01-30 29704]
    R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-01-30 34312]
    R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-01-30 39944]
    R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-20 3077632]
    R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
    R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-05 1953944]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 81408]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-03-20 208688]
    R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
    R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304]
    R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
    R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-04-16 11776]
    S3 athr;Pilote de périphérique LAN sans fil extensible Atheros; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
    S3 PMUSB2G;PassMark® Software USB 2.0 Loopback plug; C:\Windows\System32\Drivers\PMUSB.sys [2004-11-25 18944]
    S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
    S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
    S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
    S4 CplIR;Embedded IR Driver; C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
    S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392]
    S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072]
    S4 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
    R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-09-20 610304]
    R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
    R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-01-30 468224]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096]
    R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe [2007-09-21 77824]
    R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
    R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2007-03-29 427576]
    R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
    S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
    S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2009-02-03 398848]
    S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-01-30 19200]
    S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

    -----------------EOF-----------------
    Anonymous
    24 May 2009 15:00:46

    info.txt logfile of random's system information tool 1.06 2009-05-24 14:56:04

    ======Uninstall list======

    -->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
    -->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x040c -removeonly
    -->C:\Program Files\InstallShield Installation Information\{D2A98502-8929-420F-AD48-086B1FD5CDEA}\setup.exe -runfromtemp -l0x040c -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x40c
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9.1.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Ares 2.1.1-->"C:\Program Files\Ares\uninstall.exe"
    Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
    AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
    AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
    Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
    Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x040c
    Catalyst Control Center - Branding-->MsiExec.exe /I{22543949-70E8-45D0-A938-F38143EB8BF8}
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Codeur Windows Media Série 9-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Desktop SMS-->MsiExec.exe /I{5980B928-1C95-4B3E-957B-B02D8147FF9E}
    DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x40c
    Emdedded IR Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{A6D4234C-CB02-4048-AC3E-AD09404FA35A}
    ESET NOD32 Antivirus-->MsiExec.exe /I{6687EF6D-66D6-4189-89D4-3DB5197BD138}
    Favorit-->c:\users\alexnotebook\appdata\local\ewggwoi.bat
    Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
    getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
    Intel Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
    Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
    Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Music Transfer-->C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe -runfromtemp -l0x040c -removeonly
    myphotobook 3.1-->C:\Program Files\myphotobook\uninst.exe
    OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    P2P Energy Toolbar-->C:\PROGRA~1\P2P_EN~1\UNWISE.EXE C:\PROGRA~1\P2P_EN~1\INSTALL.LOG
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    Réducteur de bruit lect. CD/DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x40c
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x040c uninstall -removeonly
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x040c
    TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x40c
    TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x040c uninstall
    TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
    TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x040c
    TOSHIBA Flash Cards Support Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
    TOSHIBA Hardware Setup-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1036
    TOSHIBA HD DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x040c -ADDREMOVE -removeonly
    TOSHIBA Mot de passe responsable-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1036
    Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x040c -removeonly
    TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
    TOSHIBA Software Modem-->Tosmreg -U
    TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x040c
    VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
    Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
    Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}

    ======Security center information======

    AV: ESET NOD32 Antivirus 3.0
    AS: ESET NOD32 Antivirus 3.0
    AS: Windows Defender

    ======System event log======

    Computer Name: Alex-NoteBook
    Event Code: 4226
    Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
    Record Number: 129063
    Source Name: Tcpip
    Time Written: 20090523232615.178600-000
    Event Type: Avertissement
    User:

    Computer Name: Alex-NoteBook
    Event Code: 4226
    Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
    Record Number: 129068
    Source Name: Tcpip
    Time Written: 20090524004219.223600-000
    Event Type: Avertissement
    User:

    Computer Name: Alex-NoteBook
    Event Code: 4226
    Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
    Record Number: 129074
    Source Name: Tcpip
    Time Written: 20090524084642.575600-000
    Event Type: Avertissement
    User:

    Computer Name: Alex-NoteBook
    Event Code: 4227
    Message: TCP/IP n’a pas pu établir une connexion sortante car le point de terminaison local sélectionné a été récemment utilisé pour se connecter au même point de terminaison distant. Cette erreur se produit généralement lorsque les connexions sortantes sont ouvertes et fermées à un débit élevé, provoquant l’utilisation de tous les ports locaux disponibles et obligeant TCP/IP à réutiliser un port local pour une connexion sortante. Pour réduire le risque d’altération des données, la norme TCP/IP exige qu’un laps de temps minimal s’écoule entre des connexions successives d’un point de terminaison local à un point de terminaison distant.
    Record Number: 129076
    Source Name: Tcpip
    Time Written: 20090524094855.076600-000
    Event Type: Avertissement
    User:

    Computer Name: Alex-NoteBook
    Event Code: 4226
    Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
    Record Number: 129078
    Source Name: Tcpip
    Time Written: 20090524111200.451600-000
    Event Type: Avertissement
    User:

    =====Application event log=====

    Computer Name: Alex-NoteBook
    Event Code: 1530
    Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

    DÉTAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-2616885699-3000390508-1820529282-1000:
    Process 1096 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2616885699-3000390508-1820529282-1000

    Record Number: 14349
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20090523140821.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: Alex-NoteBook
    Event Code: 1530
    Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

    DÉTAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-2616885699-3000390508-1820529282-1000_Classes:
    Process 1096 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2616885699-3000390508-1820529282-1000_CLASSES

    Record Number: 14350
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20090523140822.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: Alex-NoteBook
    Event Code: 508
    Message: wlcomm (4880) C:\Users\AlexNoteBook\AppData\Local\Microsoft\Windows Live Contacts\{04267196-b9e1-40c1-9beb-9072bc520b76}\: Une requête pour lire à partir du fichier "C:\Users\AlexNoteBook\AppData\Local\Microsoft\Windows Live Contacts\{04267196-b9e1-40c1-9beb-9072bc520b76}\DBStore\LogFiles\edb.log" à l'offset 2871808 (0x00000000002bd200) pour 68608 (0x00010c00) octets a réussi mais a pris un temps anormalement long (1155 secondes) pour être traité par le système d'exploitation. Ce problème peut être causé par du matériel défaillant. Contactez le fabricant de votre matériel afin d'obtenir plus d'aide pour diagnostiquer le problème.
    Record Number: 14378
    Source Name: ESENT
    Time Written: 20090523204943.000000-000
    Event Type: Avertissement
    User:

    Computer Name: Alex-NoteBook
    Event Code: 1002
    Message: Le programme vlc.exe version 0.9.4.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 1650 Heure de début : 01c9dc533b7f2b60 Heure de fin : 12
    Record Number: 14386
    Source Name: Application Hang
    Time Written: 20090524093748.000000-000
    Event Type: Erreur
    User:

    Computer Name: Alex-NoteBook
    Event Code: 1002
    Message: Le programme vlc.exe version 0.9.4.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 52c Heure de début : 01c9dc5fdc608270 Heure de fin : 15
    Record Number: 14387
    Source Name: Application Hang
    Time Written: 20090524110803.000000-000
    Event Type: Erreur
    User:

    =====Security event log=====

    Computer Name: Alex-NoteBook
    Event Code: 5038
    Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

    Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 37329
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090524125553.545600-000
    Event Type: Échec de l'audit
    User:

    Computer Name: Alex-NoteBook
    Event Code: 5038
    Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

    Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 37330
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090524125553.653600-000
    Event Type: Échec de l'audit
    User:

    Computer Name: Alex-NoteBook
    Event Code: 5038
    Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

    Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 37331
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090524125553.741600-000
    Event Type: Échec de l'audit
    User:

    Computer Name: Alex-NoteBook
    Event Code: 5038
    Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

    Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 37332
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090524125553.840600-000
    Event Type: Échec de l'audit
    User:

    Computer Name: Alex-NoteBook
    Event Code: 5038
    Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

    Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 37333
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090524125553.959600-000
    Event Type: Échec de l'audit
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION"=0f0d
    "NUMBER_OF_PROCESSORS"=2

    -----------------EOF-----------------
    a b 8 Security
    25 May 2009 12:47:26

    Hi again,

    Disable UAC (Start Menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ untick the Use User Account Control ... box and confirm with OK; you will be asked to restart, do so)

    Download Navilog (by Il-Mafioso)

  • Save it to your Desktop.
  • Install it by double-clicking navilog.exe.
  • Once the installation is finished, the utility will run automatically.
    (If it does not, double-click the shortcut on the Desktop) [Right-click -> "Run as administrator" (for Vista)]
  • Follow the utility's prompts. Choose option 1, then confirm.
    ! Do not use options 2, 3 and 4 without our agreement !
  • Wait until this message appears:
    *** Analyse Termine le ..... ***
  • Press a key as requested. Notepad will open. Post the report here.
  • Post the generated report.

    The report is located here: C:\fixnavi.txt
    Anonymous
    25 May 2009 14:34:26

    Search Navipromo version 3.7.7 commencé le 25/05/2009 à 14:08:56,19

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 12.05.2009 à 18h00 par IL-MAFIOSO

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz )
    BIOS : Ver 1.00PARTTBL
    USER : AlexNoteBook ( Administrator )
    BOOT : Normal boot

    Antivirus : ESET NOD32 Antivirus 3.0 3.0 (Activated)


    C:\ (Local Disk) - NTFS - Total:74 Go (Free:12 Go)
    E:\ (Local Disk) - NTFS - Total:73 Go (Free:40 Go)
    F:\ (CD or DVD)


    Recherche executé en mode normal


    *** Recherche dossiers dans "C:\Windows" ***


    *** Recherche dossiers dans "C:\Program Files" ***


    *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


    *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


    *** Recherche dossiers dans "C:\ProgramData" ***


    *** Recherche dossiers dans "c:\users\alexno~1\appdata\roaming\micros~1\windows\startm~1\programs" ***


    *** Recherche dossiers dans "C:\Users\AlexNoteBook\AppData\Local\virtualstore\Program Files" ***



    *** Recherche dossiers dans "C:\Users\AlexNoteBook\AppData\Local" ***




    *** Recherche dossiers dans "C:\Users\AlexNoteBook\AppData\Roaming" ***


    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net



    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\Windows\system32" *

    * Recherche dans "C:\Users\AlexNoteBook\AppData\Local\Microsoft" *

    * Recherche dans "C:\Users\AlexNoteBook\AppData\Local" *



    *** Recherche fichiers ***



    *** Recherche clés spécifiques dans le Registre ***
    !! Les clés trouvées ne sont pas forcément infectées !!


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "amagwgo"="\"c:\\users\\alexnotebook\\appdata\\local\\amagwgo.exe\" amagwgo"


    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans "C:\Windows\system32" :


    * Dans "C:\Users\AlexNoteBook\AppData\Local\Microsoft" :


    * Dans "C:\Users\AlexNoteBook\AppData\Local" :

    amagwgo.exe trouvé !
    amagwgo.dat trouvé !
    amagwgo_nav.dat trouvé !
    amagwgo_navps.dat trouvé !

    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche autres dossiers et fichiers connus :



    *** Analyse terminée le 25/05/2009 à 14:27:39,91 ***
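The pattern visible in the report above (a HKCU Run value named after an executable that sits directly in AppData\Local, next to `.dat`, `_nav.dat` and `_navps.dat` companions), as an added triage example that is not part of the original thread and is not Navilog's own code. The three signals, the two-signal threshold and the function names are assumptions read off this report; the sample text is constructed from its lines plus one benign entry for contrast.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the shape of the Navilog search report above,
# with one benign Run value added for contrast.
SAMPLE_REPORT = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amagwgo"="\"c:\\users\\alexnotebook\\appdata\\local\\amagwgo.exe\" amagwgo"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

* Dans "C:\Users\AlexNoteBook\AppData\Local" :

amagwgo.exe trouvé !
amagwgo.dat trouvé !
amagwgo_nav.dat trouvé !
amagwgo_navps.dat trouvé !
'''

REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
FOUND_FILE = re.compile(r'^(?P<file>\S+) trouvé !$')
# Companion file suffixes seen next to the executable in the report (assumed signal).
COMPANION_SUFFIXES = (".dat", "_nav.dat", "_navps.dat")


def parse_report(text):
    """Return (run_values, found_files) extracted from report text."""
    run_values, found_files = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        m = REG_VALUE.match(line)
        if m:
            # Undo .reg-style escaping: \\ -> \ and \" -> "
            run_values[m["name"]] = re.sub(r'\\(.)', r'\1', m["data"])
            continue
        m = FOUND_FILE.match(line)
        if m:
            found_files.add(m["file"].lower())
    return run_values, found_files


def executable_of(command):
    """Path of the program in a command line, honouring a quoted first token."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return PureWindowsPath(m.group(1) or m.group(2)) if m else None


def triage(text):
    """Flag Run values that show at least two of the three signals."""
    run_values, found_files = parse_report(text)
    findings = []
    for name, command in run_values.items():
        exe = executable_of(command)
        if exe is None:
            continue
        stem = exe.stem.lower()
        reasons = []
        # Signal 1: the binary lives in the root of AppData\Local, not in a vendor folder.
        if [p.lower() for p in exe.parent.parts[-2:]] == ["appdata", "local"]:
            reasons.append("executable directly in AppData\\Local")
        # Signal 2: the Run value is named after the executable itself.
        if stem == name.lower():
            reasons.append("value name equals executable name")
        # Signal 3: companion data files with the same stem were reported.
        companions = [stem + s for s in COMPANION_SUFFIXES if stem + s in found_files]
        if companions:
            reasons.append("companion files: " + ", ".join(companions))
        if len(reasons) >= 2:
            findings.append({"value": name, "path": str(exe), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding["value"], "->", finding["path"])
        for reason in finding["reasons"]:
            print("   ", reason)
```

The Skype entry matches only the name signal and is not flagged, which is why a single signal is not treated as sufficient here.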
    a b 8 Security
    25 May 2009 18:34:53

    Hi again,

  • Double-click the Navilog shortcut.
  • Choose option 2, then confirm. (Enter)
  • Follow the prompts.
  • Your computer will restart; if not, restart it manually.
  • Your desktop will disappear.
  • After a while, Notepad will open.
  • Save the report.
  • Close Notepad. Your desktop will now reappear.

    If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
    Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run...)"
    Type explorer and confirm. This will bring your desktop back.


    Start -> Control Panel -> Internet Options
    Click the "Content" tab, then the "Certificates" tab, and if you find this, particularly under "Trusted Publishers":

    VIP

    If you find it, do this:
    * Select this certificate and click Export. Save it to your desktop.
    * Delete it in the "Certificates" tab of your browser's options.

    Then, for the certificate on your desktop:
    * Go to the website:
    http://www.bleepingcomputer.com/submit-malware.php?chan...
    * Copy/paste this into the 'Link to Topic' box:
    the name of the certificate (Montorgueil, ......)
    * Copy/paste this into the 'Browse to the File' box:
    The corresponding certificate that you exported to your desktop

    Once that is done, finally delete the certificate from your desktop.

    The following programs install this infection:

    * Go-astro
    * GoRecord
    * HotTVPlayer
    * Live Player
    * MailSkinner
    * Messenger Skinner
    * Instant Access
    * InternetGameBox
    * sudoplanet
    * Webmediaplayer: except the one from the following site > http://www.azertysite.new.fr/
    * On the site www.games-desktop.com (do not go there!)

  • Post the report saved earlier (C:\cleannavi.txt) along with a new HijackThis report.
    Anonymous
    25 May 2009 20:27:07

    ok, I didn't find the VIP certificate, I'm sending you the reports

    Clean Navipromo version 3.7.7 commencé le 25/05/2009 à 20:09:44,37

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 12.05.2009 à 18h00 par IL-MAFIOSO

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz )
    BIOS : Ver 1.00PARTTBL
    USER : AlexNoteBook ( Administrator )
    BOOT : Normal boot

    Antivirus : ESET NOD32 Antivirus 3.0 3.0 (Activated)


    C:\ (Local Disk) - NTFS - Total:74 Go (Free:12 Go)
    E:\ (Local Disk) - NTFS - Total:73 Go (Free:40 Go)
    F:\ (CD or DVD)


    Mode suppression automatique
    avec prise en charge résultats Catchme et GNS


    Nettoyage exécuté au redémarrage de l'ordinateur


    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans "C:\Windows\System32" *


    * Suppression dans "C:\Users\AlexNoteBook\AppData\Local\Microsoft" *


    * Suppression dans "C:\Users\AlexNoteBook\AppData\Local" *



    *** Suppression dossiers dans "C:\Windows" ***


    *** Suppression dossiers dans "C:\Program Files" ***


    *** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


    *** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


    *** Suppression dossiers dans "C:\ProgramData" ***


    *** Suppression dossiers dans c:\users\alexno~1\appdata\roaming\micros~1\windows\startm~1\programs ***


    *** Suppression dossiers dans "C:\Users\AlexNoteBook\AppData\Local\virtualstore\Program Files" ***


    *** Suppression dossiers dans "C:\Users\AlexNoteBook\AppData\Local" ***


    *** Suppression dossiers dans "C:\Users\AlexNoteBook\AppData\Roaming" ***



    *** Suppression fichiers ***


    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\Windows\Temp effectué !
    Nettoyage contenu C:\Users\ALEXNO~1\AppData\Local\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :


    * Dans "C:\Windows\system32" *



    * Dans "C:\Users\AlexNoteBook\AppData\Local\Microsoft" *



    * Dans "C:\Users\AlexNoteBook\AppData\Local" *


    amagwgo.exe trouvé !
    Copie amagwgo.exe réalisée avec succès !
    amagwgo.exe supprimé !

    amagwgo.dat trouvé !
    Copie amagwgo.dat réalisée avec succès !
    amagwgo.dat supprimé !

    amagwgo_nav.dat trouvé !
    Copie amagwgo_nav.dat réalisée avec succès !
    amagwgo_nav.dat supprimé !

    amagwgo_navps.dat trouvé !
    Copie amagwgo_navps.dat réalisée avec succès !
    amagwgo_navps.dat supprimé !


    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok


    *** Certificats ***

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltdt absent !


    *** Recherche autres dossiers et fichiers connus ***



    *** Nettoyage terminé le 25/05/2009 à 20:14:54,07 ***

    Anonymous
    25 May 2009 20:27:48

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by AlexNoteBook at 2009-05-25 20:22:49
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 12 GB (16%) free of 76 GB
    Total RAM: 2046 MB (55% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:23:10, on 25/05/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\conime.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\AlexNoteBook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JICK0069\RSIT[3].exe
    C:\Program Files\trend micro\AlexNoteBook.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Free Download Manager - RCS] C:\Program Files\Free Download Manager\fdmwi.exe -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Tosh... (file missing)
    O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpld...
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrob...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10514 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
    P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P_.dll [2007-12-10 1510424]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    Anonymous
    25 May 2009 20:29:03

    On the other hand, there was no info.txt report minimized in the taskbar this time.
    Anonymous
    25 May 2009 22:23:44

    In any case, no more unwanted ad pages, thank you very much!
    On another note, I have a problem with Ares Galaxy. I was very happy with it until recently, but very often it does not resume downloads and stays in connecting mode, and when by some miracle it does download, I often can no longer browse the web: Internet Explorer takes ages just to display the Google home page, for example...
    a b 8 Security
    26 May 2009 13:48:45

    Hi again,

    Download Malwarebytes' Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.
  • Now run Malwarebytes' Anti-Malware. If it is not already selected, select "Exécuter un examen complet" (Perform full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan is finished, a window opens; click OK. There are two possibilities:

    ~ If the program found nothing, press OK. A report will appear; close it.
    ~~ If infections are present, click "Afficher les résultats" (Show Results), then "Supprimer la sélection" (Remove Selected). Save the report to your Desktop.
    ~~~~ Restart your computer normally and post the report in your next reply.

    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Note: If you cannot download MBAM from MajorGeeks, you can download it here!

    Help:
  • How to use MBAM.
  • How to start your computer in safe mode.
    Anonymous
    27 May 2009 04:57:00

    Done, two infected items were removed, but no improvement regarding my problem....

    Malwarebytes' Anti-Malware 1.37
    Version de la base de données: 2183
    Windows 6.0.6001 Service Pack 1

    27/05/2009 03:46:11
    mbam-log-2009-05-27 (03-46-11).txt

    Type de recherche: Examen complet (C:\|E:\|)
    Eléments examinés: 182810
    Temps écoulé: 2 hour(s), 27 minute(s), 7 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop sms (Worm.P2P) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\Users\alexnotebook\AppData\Local\Google\Chrome\user data\Default\Cache\f_0056c5 (Adware.Navipromo) -> Quarantined and deleted successfully.
    a b 8 Security
    27 May 2009 19:24:32

    Run another RSIT scan.
    Anonymous
    28 May 2009 00:47:45

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by AlexNoteBook at 2009-05-28 00:46:38
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 13 GB (17%) free of 76 GB
    Total RAM: 2046 MB (40% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:46:46, on 28/05/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\AlexNoteBook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JICK0069\RSIT[3].exe
    C:\Program Files\trend micro\AlexNoteBook.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Free Download Manager - RCS] C:\Program Files\Free Download Manager\fdmwi.exe -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Tosh... (file missing)
    O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpld...
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrob...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10585 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
    P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P_.dll [2007-12-10 1510424]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-29 668656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-29 470512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696]
    {2bae58c2-79f9-45d1-a286-81f911301c3a} - P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P_.dll [2007-12-10 1510424]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
    "KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2006-11-06 34352]
    "SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2006-03-22 438272]
    "HWSetup"=\HWSetup.exe hwSetUP []
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-03 4702208]
    "TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2007-03-29 411192]
    "HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]
    "SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-04-03 509496]
    "00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-05-22 538744]
    "NDSTray.exe"=NDSTray.exe []
    "topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
    "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-07-27 204800]
    "Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2007-02-19 571024]
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-02-12 174872]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-03-20 1451304]
    "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-01-30 1443072]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
    "TOSCDSPD"=TOSCDSPD.EXE []
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-15 39408]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]
    "Free Download Manager - RCS"=C:\Program Files\Free Download Manager\fdmwi.exe -autorun []

    C:\Users\AlexNoteBook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Outil de détection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 months======

    2009-05-27 01:12:27 ----D---- C:\Users\AlexNoteBook\AppData\Roaming\Malwarebytes
    2009-05-27 01:12:21 ----D---- C:\ProgramData\Malwarebytes
    2009-05-27 01:12:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-05-25 14:07:36 ----D---- C:\Program Files\Navilog1
    2009-05-24 14:55:09 ----D---- C:\Program Files\trend micro
    2009-05-24 14:55:06 ----D---- C:\rsit
    2009-05-20 02:49:33 ----D---- C:\Program Files\Ares
    2009-05-15 16:44:39 ----D---- C:\ProgramData\Adobe
    2009-05-15 16:44:35 ----D---- C:\Program Files\Common Files\Adobe
    2009-05-15 16:39:28 ----D---- C:\ProgramData\NOS
    2009-05-15 16:39:27 ----D---- C:\Program Files\NOS
    2009-05-06 01:21:44 ----D---- C:\Program Files\P2P_Energy
    2009-04-29 15:08:00 ----A---- C:\Windows\system32\mshtmler.dll
    2009-04-29 15:08:00 ----A---- C:\Windows\system32\mshtmled.dll
    2009-04-29 15:08:00 ----A---- C:\Windows\system32\ieui.dll
    2009-04-29 15:08:00 ----A---- C:\Windows\system32\icardie.dll
    2009-04-29 15:08:00 ----A---- C:\Windows\system32\admparse.dll
    2009-04-29 15:07:59 ----A---- C:\Windows\system32\msls31.dll
    2009-04-29 15:07:59 ----A---- C:\Windows\system32\jsproxy.dll
    2009-04-29 15:07:59 ----A---- C:\Windows\system32\imgutil.dll
    2009-04-29 15:07:59 ----A---- C:\Windows\system32\iernonce.dll
    2009-04-29 15:07:59 ----A---- C:\Windows\system32\ieakeng.dll
    2009-04-29 15:07:59 ----A---- C:\Windows\system32\dxtmsft.dll
    2009-04-29 15:07:59 ----A---- C:\Windows\system32\corpol.dll
    2009-04-29 15:07:58 ----A---- C:\Windows\system32\occache.dll
    2009-04-29 15:07:58 ----A---- C:\Windows\system32\msfeedsbs.dll
    2009-04-29 15:07:58 ----A---- C:\Windows\system32\licmgr10.dll
    2009-04-29 15:07:58 ----A---- C:\Windows\system32\inseng.dll
    2009-04-29 15:07:58 ----A---- C:\Windows\system32\iepeers.dll
    2009-04-29 15:07:58 ----A---- C:\Windows\system32\ieaksie.dll
    2009-04-29 15:07:58 ----A---- C:\Windows\system32\dxtrans.dll
    2009-04-29 15:07:57 ----A---- C:\Windows\system32\WinFXDocObj.exe
    2009-04-29 15:07:57 ----A---- C:\Windows\system32\wextract.exe
    2009-04-29 15:07:57 ----A---- C:\Windows\system32\webcheck.dll
    2009-04-29 15:07:57 ----A---- C:\Windows\system32\mstime.dll
    2009-04-29 15:07:57 ----A---- C:\Windows\system32\msrating.dll
    2009-04-29 15:07:57 ----A---- C:\Windows\system32\msfeedssync.exe
    2009-04-29 15:07:57 ----A---- C:\Windows\system32\iesetup.dll
    2009-04-29 15:07:57 ----A---- C:\Windows\system32\ieakui.dll
    2009-04-29 15:07:56 ----A---- C:\Windows\system32\pngfilt.dll
    2009-04-29 15:07:56 ----A---- C:\Windows\system32\msfeeds.dll
    2009-04-29 15:07:56 ----A---- C:\Windows\system32\ieapfltr.dll
    2009-04-29 15:07:56 ----A---- C:\Windows\system32\advpack.dll
    2009-04-29 15:07:55 ----A---- C:\Windows\system32\vbscript.dll
    2009-04-29 15:07:55 ----A---- C:\Windows\system32\url.dll
    2009-04-29 15:07:55 ----A---- C:\Windows\system32\jscript.dll
    2009-04-29 15:07:55 ----A---- C:\Windows\system32\iedkcs32.dll
    2009-04-29 15:07:54 ----A---- C:\Windows\system32\mshta.exe
    2009-04-29 15:07:54 ----A---- C:\Windows\system32\iexpress.exe
    2009-04-29 15:07:53 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
    2009-04-29 15:07:53 ----A---- C:\Windows\system32\SetDepNx.exe
    2009-04-29 15:07:53 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
    2009-04-29 15:07:53 ----A---- C:\Windows\system32\PDMSetup.exe
    2009-04-29 15:07:53 ----A---- C:\Windows\system32\ieUnatt.exe
    2009-04-29 15:07:53 ----A---- C:\Windows\system32\iesysprep.dll
    2009-04-29 15:07:53 ----A---- C:\Windows\system32\iertutil.dll
    2009-04-29 15:07:53 ----A---- C:\Windows\system32\ie4uinit.exe
    2009-04-29 15:07:52 ----A---- C:\Windows\system32\wininet.dll
    2009-04-29 15:07:52 ----A---- C:\Windows\system32\urlmon.dll
    2009-04-29 15:07:51 ----A---- C:\Windows\system32\ieframe.dll
    2009-04-29 15:07:50 ----A---- C:\Windows\system32\mshtml.dll

    ======List of files/folders modified in the last 1 months======

    2009-05-28 00:46:46 ----D---- C:\Windows\Prefetch
    2009-05-28 00:46:44 ----D---- C:\Windows\Temp
    2009-05-28 00:00:16 ----SHD---- C:\System Volume Information
    2009-05-28 00:00:03 ----D---- C:\Users\AlexNoteBook\AppData\Roaming\skypePM
    2009-05-27 08:55:05 ----D---- C:\Windows\system32\catroot
    2009-05-27 08:55:03 ----D---- C:\Windows\winsxs
    2009-05-27 03:48:30 ----D---- C:\Windows\system32\drivers
    2009-05-27 03:48:30 ----D---- C:\Windows
    2009-05-27 01:12:21 ----HD---- C:\ProgramData
    2009-05-27 01:12:20 ----RD---- C:\Program Files
    2009-05-25 20:35:41 ----HD---- C:\Windows\system32\GroupPolicy
    2009-05-25 20:14:53 ----D---- C:\Windows\System32
    2009-05-24 23:11:27 ----D---- C:\Windows\inf
    2009-05-24 23:11:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-05-23 14:42:46 ----SHD---- C:\Windows\Installer
    2009-05-23 10:40:50 ----D---- C:\Users\AlexNoteBook\AppData\Roaming\dvdcss
    2009-05-16 16:01:32 ----D---- C:\Users\AlexNoteBook\AppData\Roaming\Skype
    2009-05-15 17:04:21 ----SD---- C:\Windows\Downloaded Program Files
    2009-05-15 17:04:20 ----D---- C:\Windows\system32\Macromed
    2009-05-15 16:44:35 ----D---- C:\Program Files\Common Files
    2009-05-15 16:44:35 ----D---- C:\Program Files\Adobe
    2009-05-13 13:42:54 ----D---- C:\Program Files\Windows Mail
    2009-05-13 12:42:36 ----D---- C:\Windows\system32\catroot2
    2009-05-09 14:03:06 ----D---- C:\Windows\Tasks
    2009-05-08 13:25:27 ----D---- C:\Program Files\Internet Explorer
    2009-05-07 09:16:29 ----A---- C:\Windows\system32\mrt.exe
    2009-04-29 15:52:03 ----D---- C:\Windows\rescache
    2009-04-29 15:11:53 ----D---- C:\Windows\system32\fr-FR
    2009-04-29 15:11:44 ----D---- C:\Windows\system32\migration
    2009-04-29 15:11:44 ----D---- C:\Windows\system32\en-US
    2009-04-29 15:11:44 ----D---- C:\Windows\PolicyDefinitions

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-01-30 29704]
    R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-01-30 34312]
    R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-01-30 39944]
    R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-20 3077632]
    R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
    R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-05 1953944]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 81408]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-03-20 208688]
    R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
    R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304]
    R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
    R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-04-16 11776]
    S3 athr;Pilote de périphérique LAN sans fil extensible Atheros; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
    S3 catchme;catchme; \??\C:\Users\ALEXNO~1\AppData\Local\Temp\catchme.sys []
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
    S3 PMUSB2G;PassMark® Software USB 2.0 Loopback plug; C:\Windows\System32\Drivers\PMUSB.sys [2004-11-25 18944]
    S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
    S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
    S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
    S4 CplIR;Embedded IR Driver; C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
    S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392]
    S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072]
    S4 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
    R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-09-20 610304]
    R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
    R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-01-30 468224]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096]
    R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe [2007-09-21 77824]
    R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
    R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2007-03-29 427576]
    R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
    S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
    S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2009-02-03 398848]
    S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-01-30 19200]
    S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

    -----------------EOF-----------------
    Anonymous
    28 May 2009 00:49:14

    no info report....
    a b 8 Security
    28 May 2009 17:43:04

    Re,

    Download OTMoveIt3 (by OldTimer). Save it to your Desktop.
    Copy (Ctrl+C) the text in the box below:

    :processes
    explorer.exe

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{2bae58c2-79f9-45d1-a286-81f911301c3a}"=-

    :files
    C:\Program Files\P2P_Energy

    :commands
    [emptytemp]
    [start explorer]
    [reboot]


    Double-click OTMoveIt3.exe to launch it.
    Paste (Ctrl+V) the text you copied into the Paste Instructions for Items to be Moved box.
    Now click the MoveIt! button, then close OTMoveIt3.

    If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the moment it was created: date_time.log
    Anonymous
    29 May 2009 01:06:38

    I did what you said. The application tells me it is impossible to delete I don't remember which keys, my whole desktop disappears, only the Windows gadgets and my wallpaper remain (even the taskbar disappears), then a window opens saying "the application is not responding", the application's window turns white, nothing happens, nothing responds, so I click on close the application, then there is still nothing on the desktop, and I have no choice but to switch off my computer manually (with the button) and turn it back on...
    a b 8 Security
    29 May 2009 17:57:58

    It's normal for the desktop to disappear. Can you try again with the new script I've just edited?
    31 May 2009 18:44:31

    Hello Angeldark, I have this problem too, and I installed RSIT, then naviglog1, selecting only option 1. I stopped there because my antivirus detected a virus at the end of the naviglog1 scan. Is that really normal??? Were these two recently installed programs trustworthy??

    Thanks for enlightening me
    Dom.
    a b 8 Security
    1 June 2009 14:16:23

    An antivirus may well react badly, yes. One topic per person, please :)
    Anonymous
    2 June 2009 17:15:16

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== REGISTRY ==========
    Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}\\ .
    Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ .
    Unable to delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2bae58c2-79f9-45d1-a286-81f911301c3a} .
    Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bae58c2-79f9-45d1-a286-81f911301c3a}\ .
    ========== FILES ==========
    Folder move failed. C:\Program Files\P2P_Energy scheduled to be moved on reboot.
    ========== COMMANDS ==========
    File delete failed. C:\Users\ALEXNO~1\AppData\Local\Temp\Low\~DF4266.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\ALEXNO~1\AppData\Local\Temp\Low\~DFEC92.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\ALEXNO~1\AppData\Local\Temp\~DFDF6C.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\ALEXNO~1\AppData\Local\Temp\~DFDF71.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\ALEXNO~1\AppData\Local\Temp\~DFDFBC.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\ALEXNO~1\AppData\Local\Temp\~DFDFC1.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\ALEXNO~1\AppData\Local\Temp\~DFDFE9.tmp scheduled to be deleted on reboot.
    File delete failed. C:\Users\ALEXNO~1\AppData\Local\Temp\~DFDFEE.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    Windows Temp folder emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 06022009_170740
    a b 8 Security
    3 June 2009 17:19:03

    Run an RSIT scan again.
    Anonymous
    4 June 2009 08:39:25
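
Added example, not part of the thread and not code from RSIT, HijackThis or OTMoveIt3: one way to check a fresh HijackThis log for the entries the fix script was meant to remove. The fix script and the first log sample are copied from this thread; the "clean" log and all function names are constructed for illustration.

```python
import re

# Registry-style GUID, e.g. {2bae58c2-79f9-45d1-a286-81f911301c3a}
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# HijackThis lines that reference a CLSID: R3 (URLSearchHook), O2 (BHO), O3 (Toolbar)
ENTRY = re.compile(r"^(R3|O2|O3) - ([^:]+): (.*?) - (" + GUID + r") - (.*)$")

# The fix script as posted in the thread (sections relevant to the check).
FIX_SCRIPT = r"""
:processes
explorer.exe
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"=-
:files
C:\Program Files\P2P_Energy
"""

# Lines copied from the HijackThis log posted in the thread.
LOG_FROM_THREAD = r"""
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
"""

# Constructed sample: what the same lines would look like once the fix has applied.
LOG_CLEAN = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
"""


def targeted_clsids(script):
    """Return the lower-cased CLSIDs that the :reg section asks to delete."""
    targets, section = set(), None
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):          # section header such as :reg or :files
            section = line[1:].lower()
            continue
        if section != "reg":
            continue
        # "[-KEY]" deletes a key, '"value"=-' deletes a value under the current key
        if line.startswith("[-") or line.endswith("=-"):
            targets.update(g.lower() for g in re.findall(GUID, line))
    return targets


def parse_entries(log):
    """Parse R3/O2/O3 lines of a HijackThis log into dictionaries."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            code, kind, name, clsid, target = m.groups()
            entries.append({"code": code, "kind": kind, "name": name,
                            "clsid": clsid.lower(), "target": target})
    return entries


def still_present(script, log):
    """Entries in the log whose CLSID the fix script was supposed to remove."""
    targets = targeted_clsids(script)
    return [e for e in parse_entries(log) if e["clsid"] in targets]


if __name__ == "__main__":
    for label, log in (("thread log", LOG_FROM_THREAD), ("clean log", LOG_CLEAN)):
        left = still_present(FIX_SCRIPT, log)
        print(f"{label}: {len(left)} targeted entries remain")
        for e in left:
            print(f"  {e['code']} {e['kind']}: {e['name']} {e['clsid']} -> {e['target']}")
```

GUIDs are compared case-insensitively because the log and the script do not use the same casing for the same CLSID.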

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by AlexNoteBook at 2009-06-04 08:30:02
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
    System drive C: has 19 GB (25%) free of 76 GB
    Total RAM: 2046 MB (43% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:30:12, on 04/06/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\AlexNoteBook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QFR2B56\RSIT[1].exe
    C:\Program Files\trend micro\AlexNoteBook.exe
    C:\PROGRA~1\Java\jre6\bin\ssvagent.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Free Download Manager - RCS] C:\Program Files\Free Download Manager\fdmwi.exe -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Tosh... (file missing)
    O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpld...
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrob...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10512 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
    P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P_.dll [2007-12-10 1510424]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-29 668656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-29 470512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696]
    {2bae58c2-79f9-45d1-a286-81f911301c3a} - P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P_.dll [2007-12-10 1510424]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
    "KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [2006-11-06 34352]
    "SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [2006-03-22 438272]
    "HWSetup"=\HWSetup.exe hwSetUP []
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-09-03 4702208]
    "TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2007-03-29 411192]
    "HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]
    "SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-04-03 509496]
    "00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2007-05-22 538744]
    "NDSTray.exe"=NDSTray.exe []
    "topi"=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]
    "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
    "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-07-27 204800]
    "Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2007-02-19 571024]
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-02-12 174872]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-03-20 1451304]
    "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-01-30 1443072]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
    "TOSCDSPD"=TOSCDSPD.EXE []
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-15 39408]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]
    "Free Download Manager - RCS"=C:\Program Files\Free Download Manager\fdmwi.exe -autorun []

    C:\Users\AlexNoteBook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Outil de détection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "BindDirectlyToPropertySetStorage"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 months======

    2009-06-02 18:30:24 ----D---- C:\Windows\system32\eu-ES
    2009-06-02 18:30:24 ----D---- C:\Windows\system32\ca-ES
    2009-06-02 18:30:14 ----D---- C:\Windows\system32\vi-VN
    2009-06-02 17:53:02 ----D---- C:\Windows\system32\EventProviders
    2009-06-02 17:49:06 ----A---- C:\Windows\system32\NlsLexicons0007.dll
    2009-06-02 17:49:02 ----A---- C:\Windows\system32\SLCExt.dll
    2009-06-02 17:49:01 ----A---- C:\Windows\system32\SLsvc.exe
    2009-06-02 17:48:54 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
    2009-06-02 17:48:54 ----A---- C:\Windows\system32\DevicePairingWizard.exe
    2009-06-02 17:48:50 ----A---- C:\Windows\system32\NlsLexicons0009.dll
    2009-06-02 17:48:45 ----A---- C:\Windows\system32\mssrch.dll
    2009-06-02 17:48:40 ----A---- C:\Windows\system32\tquery.dll
    2009-06-02 17:48:38 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
    2009-06-02 17:48:38 ----A---- C:\Windows\system32\lsasrv.dll
    2009-06-02 17:48:37 ----A---- C:\Windows\system32\RMActivate_isv.exe
    2009-06-02 17:48:36 ----A---- C:\Windows\system32\scavenge.dll
    2009-06-02 17:48:36 ----A---- C:\Windows\system32\RMActivate.exe
    2009-06-02 17:48:34 ----A---- C:\Windows\system32\msi.dll
    2009-06-02 17:48:33 ----A---- C:\Windows\system32\imapi2fs.dll
    2009-06-02 17:48:32 ----A---- C:\Windows\system32\secproc_isv.dll
    2009-06-02 17:48:31 ----A---- C:\Windows\system32\WscEapPr.dll
    2009-06-02 17:48:31 ----A---- C:\Windows\system32\wcnwiz2.dll
    2009-06-02 17:48:31 ----A---- C:\Windows\system32\sysmain.dll
    2009-06-02 17:45:11 ----A---- C:\Windows\system32\PkgMgr.exe
    2009-06-02 17:45:06 ----A---- C:\Windows\system32\drvstore.dll
    2009-05-29 00:50:35 ----D---- C:\_OTMoveIt
    2009-05-27 01:12:27 ----D---- C:\Users\AlexNoteBook\AppData\Roaming\Malwarebytes
    2009-05-27 01:12:21 ----D---- C:\ProgramData\Malwarebytes
    2009-05-27 01:12:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-05-25 14:07:36 ----D---- C:\Program Files\Navilog1
    2009-05-24 14:55:09 ----D---- C:\Program Files\trend micro
    2009-05-24 14:55:06 ----D---- C:\rsit
    2009-05-20 02:49:33 ----D---- C:\Program Files\Ares
    2009-05-15 16:44:39 ----D---- C:\ProgramData\Adobe
    2009-05-15 16:44:35 ----D---- C:\Program Files\Common Files\Adobe
    2009-05-15 16:39:28 ----D---- C:\ProgramData\NOS
    2009-05-15 16:39:27 ----D---- C:\Program Files\NOS
    2009-05-06 01:21:44 ----D---- C:\Program Files\P2P_Energy

    ======List of files/folders modified in the last 1 months======

    2009-06-04 08:30:11 ----D---- C:\Windows\Temp
    2009-06-04 08:30:00 ----D---- C:\Windows\Prefetch
    2009-06-04 08:15:37 ----D---- C:\Users\AlexNoteBook\AppData\Roaming\skypePM
    2009-06-02 18:58:05 ----D---- C:\Windows\Microsoft.NET
    2009-06-02 18:57:30 ----RSD---- C:\Windows\assembly
    2009-06-02 18:57:28 ----D---- C:\Windows\rescache
    2009-06-02 18:47:55 ----D---- C:\Windows\System32
    2009-06-02 18:47:54 ----D---- C:\Windows\inf
    2009-06-02 18:47:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-06-02 18:43:15 ----D---- C:\Windows
    2009-06-02 18:43:09 ----D---- C:\Windows\system32\catroot
    2009-06-02 18:43:08 ----SHD---- C:\Boot
    2009-06-02 18:35:16 ----D---- C:\Program Files\Windows Calendar
    2009-06-02 18:35:15 ----D---- C:\Program Files\Windows Mail
    2009-06-02 18:35:14 ----D---- C:\Program Files\Movie Maker
    2009-06-02 18:35:10 ----D---- C:\Program Files\Windows Sidebar
    2009-06-02 18:35:10 ----D---- C:\Program Files\Internet Explorer
    2009-06-02 18:35:09 ----D---- C:\Program Files\Windows Media Player
    2009-06-02 18:35:08 ----D---- C:\Program Files\Windows Journal
    2009-06-02 18:35:08 ----D---- C:\Program Files\Windows Collaboration
    2009-06-02 18:35:02 ----D---- C:\Program Files\Common Files\System
    2009-06-02 18:35:01 ----D---- C:\Program Files\Windows Photo Gallery
    2009-06-02 18:34:36 ----D---- C:\Program Files\Windows Defender
    2009-06-02 18:34:35 ----D---- C:\Windows\servicing
    2009-06-02 18:34:31 ----D---- C:\Windows\ehome
    2009-06-02 18:33:46 ----D---- C:\Windows\system32\lv-LV
    2009-06-02 18:33:46 ----D---- C:\Windows\IME
    2009-06-02 18:33:45 ----D---- C:\Windows\system32\XPSViewer
    2009-06-02 18:33:45 ----D---- C:\Windows\system32\sk-SK
    2009-06-02 18:33:45 ----D---- C:\Windows\system32\hr-HR
    2009-06-02 18:33:45 ----D---- C:\Windows\system32\et-EE
    2009-06-02 18:33:45 ----D---- C:\Windows\system32\da-DK
    2009-06-02 18:33:44 ----D---- C:\Windows\system32\ko-KR
    2009-06-02 18:33:44 ----D---- C:\Windows\system32\en-US
    2009-06-02 18:33:44 ----D---- C:\Windows\system32\de-DE
    2009-06-02 18:33:43 ----D---- C:\Windows\system32\oobe
    2009-06-02 18:33:43 ----D---- C:\Windows\system32\it-IT
    2009-06-02 18:33:43 ----D---- C:\Windows\system32\el-GR
    2009-06-02 18:33:42 ----D---- C:\Windows\system32\fr
    2009-06-02 18:33:41 ----D---- C:\Windows\system32\migration
    2009-06-02 18:33:31 ----D---- C:\Windows\system32\AdvancedInstallers
    2009-06-02 18:33:30 ----D---- C:\Windows\system32\ru-RU
    2009-06-02 18:33:23 ----D---- C:\Windows\system32\fr-FR
    2009-06-02 18:33:14 ----D---- C:\Windows\system32\sv-SE
    2009-06-02 18:33:14 ----D---- C:\Windows\system32\he-IL
    2009-06-02 18:33:13 ----D---- C:\Windows\system32\setup
    2009-06-02 18:33:13 ----D---- C:\Windows\system32\pt-PT
    2009-06-02 18:33:13 ----D---- C:\Windows\system32\hu-HU
    2009-06-02 18:33:13 ----D---- C:\Windows\system32\fi-FI
    2009-06-02 18:33:13 ----D---- C:\Windows\system32\cs-CZ
    2009-06-02 18:33:12 ----D---- C:\Windows\system32\SLUI
    2009-06-02 18:33:08 ----D---- C:\Windows\system32\zh-CN
    2009-06-02 18:33:08 ----D---- C:\Windows\system32\sr-Latn-CS
    2009-06-02 18:33:08 ----D---- C:\Windows\system32\manifeststore
    2009-06-02 18:33:07 ----D---- C:\Windows\system32\zh-TW
    2009-06-02 18:33:07 ----D---- C:\Windows\system32\sl-SI
    2009-06-02 18:33:07 ----D---- C:\Windows\system32\es-ES
    2009-06-02 18:33:06 ----D---- C:\Windows\system32\uk-UA
    2009-06-02 18:33:06 ----D---- C:\Windows\system32\pl-PL
    2009-06-02 18:33:06 ----D---- C:\Windows\system32\ja-JP
    2009-06-02 18:33:06 ----D---- C:\Windows\system32\bg-BG
    2009-06-02 18:33:05 ----D---- C:\Windows\system32\ro-RO
    2009-06-02 18:33:04 ----D---- C:\Windows\system32\th-TH
    2009-06-02 18:33:03 ----D---- C:\Windows\system32\drivers
    2009-06-02 18:32:59 ----D---- C:\Windows\system32\tr-TR
    2009-06-02 18:32:56 ----D---- C:\Windows\system32\wbem
    2009-06-02 18:32:51 ----D---- C:\Windows\system32\nl-NL
    2009-06-02 18:32:51 ----D---- C:\Windows\system32\nb-NO
    2009-06-02 18:32:50 ----D---- C:\Windows\system32\lt-LT
    2009-06-02 18:32:50 ----D---- C:\Windows\system32\ar-SA
    2009-06-02 18:32:48 ----D---- C:\Windows\system32\pt-BR
    2009-06-02 18:32:48 ----D---- C:\Windows\system32\migwiz
    2009-06-02 18:30:42 ----RSD---- C:\Windows\Fonts
    2009-06-02 18:30:41 ----D---- C:\Windows\AppPatch
    2009-06-02 18:30:13 ----D---- C:\Windows\system32\Boot
    2009-06-02 18:28:47 ----D---- C:\Windows\system32\RTCOM
    2009-06-02 18:23:06 ----D---- C:\Windows\winsxs
    2009-06-02 18:14:23 ----SHD---- C:\System Volume Information
    2009-06-02 17:32:28 ----D---- C:\Windows\system32\catroot2
    2009-05-27 01:12:21 ----HD---- C:\ProgramData
    2009-05-27 01:12:20 ----RD---- C:\Program Files
    2009-05-25 20:35:41 ----HD---- C:\Windows\system32\GroupPolicy
    2009-05-23 14:42:46 ----SHD---- C:\Windows\Installer
    2009-05-23 10:40:50 ----D---- C:\Users\AlexNoteBook\AppData\Roaming\dvdcss
    2009-05-16 16:01:32 ----D---- C:\Users\AlexNoteBook\AppData\Roaming\Skype
    2009-05-15 17:04:21 ----SD---- C:\Windows\Downloaded Program Files
    2009-05-15 17:04:20 ----D---- C:\Windows\system32\Macromed
    2009-05-15 16:44:35 ----D---- C:\Program Files\Common Files
    2009-05-15 16:44:35 ----D---- C:\Program Files\Adobe
    2009-05-09 14:03:06 ----D---- C:\Windows\Tasks
    2009-05-07 09:16:29 ----A---- C:\Windows\system32\mrt.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-01-30 29704]
    R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-01-30 34312]
    R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-01-30 39944]
    R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-20 3077632]
    R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
    R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-09-05 1953944]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 81408]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-03-20 208688]
    R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
    R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304]
    R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
    R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-04-16 11776]
    S3 athr;Pilote de périphérique LAN sans fil extensible Atheros; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
    S3 catchme;catchme; \??\C:\Users\ALEXNO~1\AppData\Local\Temp\catchme.sys []
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
    S3 PMUSB2G;PassMark® Software USB 2.0 Loopback plug; C:\Windows\System32\Drivers\PMUSB.sys [2004-11-25 18944]
    S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
    S3 TpChoice;Touch Pad Detection Filter driver; C:\Windows\system32\DRIVERS\TpChoice.sys []
    S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
    S4 CplIR;Embedded IR Driver; C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
    S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392]
    S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072]
    S4 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
    R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-09-20 610304]
    R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
    R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-01-30 468224]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096]
    R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe [2007-09-21 77824]
    R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
    R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2007-03-29 427576]
    R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
    S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
    S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2009-02-03 398848]
    S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-01-30 19200]
    S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

    -----------------EOF-----------------
    Anonymous
    4 June 2009 08:42:54

    no info.txt ...?
    a b 8 Security
    4 June 2009 11:33:57

    We'll do it another way.

    Download HijackThis (from Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that was just created to launch it. (Right-click -> run as admin if on Vista)
  • Accept the licence by clicking Yes.
  • Click Do a system scan and save a logfile.
  • Post the generated report here.

    Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

    Help: How to use HijackThis.
    Anonymous
    4 June 2009 12:36:33

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:35:32, on 04/06/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\trend micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Free Download Manager - RCS] C:\Program Files\Free Download Manager\fdmwi.exe -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Tosh... (file missing)
    O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpld...
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrob...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10443 bytes
    a b 8 Security
    4 June 2009 18:38:38

    Hi again,

    Choose Do a system scan only, then tick these lines (if still present):
    R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll

    Close all running applications (especially your web browser).
    Then Fix Checked!

    Delete this folder:
    C:\Program Files\P2P_Energy
    Anonymous
    5 June 2009 21:25:29

    I did everything that was asked; however, I can't delete the P2P_Energy folder because the file tbP2P_.dll is supposedly open in another application. I tried restarting my PC, but no luck, it's impossible to delete.
    Anonymous
    6 June 2009 15:10:58

    I've also realised that I could only remove R3; the other lines couldn't be removed. I tried again several times, but in vain...
    a b 8 Security
    6 June 2009 15:51:27

    Do the procedure in safe mode then :) 
    Anonymous
    6 June 2009 17:00:23

    This is going to sound silly, but how do you do it in safe mode?
    a b 8 Security
    7 June 2009 12:13:00

    Quote:
    Restart your computer in safe mode
    - At startup, after the BIOS loads, press the F8 (or F5) key on your keyboard repeatedly until a menu on a black background appears. Once you reach that point, use the keyboard to select Safe Mode.
    -- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). So don't be surprised.
    --- For these reasons, I suggest you print, write down, or save the following information in a text document so you don't get lost.
    ---- ! Do not boot your computer into safe mode via MSConfig! Why? Some infections break the safe mode keys, which would make your computer crash.

    :) 
    Anonymous
    7 June 2009 12:53:42

    Done, I was able to delete what you asked me to.
    a b 8 Security
    7 June 2009 14:13:06

    Post a HijackThis report again.
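Added example, not part of any post in this thread: one way to check a follow-up HijackThis log against the lines that were ticked for fixing, confirming that it comes from a new scan and listing any targeted entries that survived. The function names are hypothetical; `BEFORE` and `TARGETS` use lines from the log and instructions posted above, and `AFTER` is a constructed log modelling the reported case where only the R3 line could be removed.

```python
import re
from collections import defaultdict

# HijackThis entry lines look like "O2 - BHO: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SAVED_RE = re.compile(r"^\s*Scan saved at (\d{1,2}:\d{2}:\d{2}), on (\d{2}/\d{2}/\d{4})", re.M)
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def scan_stamp(log):
    """Return (date, time) from the 'Scan saved at' header, or None."""
    m = SAVED_RE.search(log)
    return (m.group(2), m.group(1)) if m else None


def parse_entries(log):
    """Parse section-coded lines (R0, O2, O23, ...) and skip everything else."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw)
        if not m:
            continue  # header or running-process line
        section, body = m.group(1), m.group(2).strip()
        entries.append({
            "section": section,
            "line": f"{section} - {body}",
            "clsids": [c.lower() for c in CLSID_RE.findall(body)],
            "orphan": body.endswith(ORPHAN_MARKERS),
        })
    return entries


def sections_by_clsid(entries):
    """Map each CLSID to the sections that reference it (one add-on, several hooks)."""
    groups = defaultdict(set)
    for e in entries:
        for c in e["clsids"]:
            groups[c].add(e["section"])
    return {c: sorted(s) for c, s in groups.items()}


def verify_fix(before_log, after_log, targets):
    """Report whether after_log is a new scan and which target lines remain in it."""
    target_lines = [e["line"] for e in parse_entries(targets)]
    after_lines = {e["line"] for e in parse_entries(after_log)}
    before_stamp, after_stamp = scan_stamp(before_log), scan_stamp(after_log)
    return {
        "fresh_scan": after_stamp is not None and after_stamp != before_stamp,
        "still_present": [t for t in target_lines if t in after_lines],
    }


# Lines the helper asked to tick, copied from the thread.
TARGETS = r"""
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
"""

# Excerpt of the log posted in the thread (header plus a few entries).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:32, on 04/06/2009
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
""" + TARGETS

# Constructed follow-up log: new timestamp, R3 gone, the O2/O3 lines still there.
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:00, on 07/06/2009
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
"""

if __name__ == "__main__":
    result = verify_fix(BEFORE, AFTER, TARGETS)
    print("new scan:", result["fresh_scan"])
    for line in result["still_present"]:
        print("still present:", line)
```

Passing the same log as both arguments reports `fresh_scan` as false, which catches an old report posted again by mistake.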
    Anonymous
    7 June 2009 15:00:07

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:35:32, on 04/06/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\trend micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Free Download Manager - RCS] C:\Program Files\Free Download Manager\fdmwi.exe -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Tosh... (file missing)
    O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpld...
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrob...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10443 bytes
    a b 8 Security
    8 June 2009 17:06:47

    To produce a report, you need to launch HijackThis via right-click / run as administrator.
    Anonymous
    8 June 2009 17:50:56

    OK, sorry about that.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:50:23, on 08/06/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\trend micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Free Download Manager - RCS] C:\Program Files\Free Download Manager\fdmwi.exe -autorun
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Tosh... (file missing)
    O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpld...
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrob...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10009 bytes
    a b 8 Security
    8 June 2009 18:36:08

    Still having problems?
    Anonymous
    8 June 2009 18:38:08

    Apparently I can use Ares and browse at the same time, but Ares doesn't resume the downloads and stays in connecting mode...
    a b 8 Security
    9 June 2009 12:01:07

    What does that have to do with viruses? :/
    Anonymous
    9 June 2009 12:44:40

    I have no idea???? I'm not an IT person and don't know much about it. I've never had this kind of problem before, so I don't know where it comes from, and I thought maybe you would know?
    a b 8 Security
    9 June 2009 18:30:22

    No idea, not my area.
    Anonymous
    9 June 2009 23:16:21

    OK... in any case, thanks for the rest.
    a b 8 Security
    10 June 2009 19:29:44

    Good luck.