Until now, I can't remove the incredibar.com toolbar (I use Firefox 12.0).
Trying to remove it, I used SpyHunter4, which found a lot of malware (lop, trojan.generic, ...).
But I scanned my PC with avast or spybot: they found nothing!
So I don't know how much my computer is infected.
Thank you very much for your help.
Eric
Here are the requested files.
= = = =
OTL Extras logfile created on: 11/06/2012 17:21:56 - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = I:\Téléchargement_Firefox
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 51,84% Memory free
3,85 Gb Paging File | 3,02 Gb Available in Paging File | 78,54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 117,19 Gb Total Space | 48,67 Gb Free Space | 41,53% Space Free | Partition Type: NTFS
Drive D: | 30,64 Gb Total Space | 15,61 Gb Free Space | 50,96% Space Free | Partition Type: NTFS
Drive I: | 146,48 Gb Total Space | 12,65 Gb Free Space | 8,63% Space Free | Partition Type: NTFS
Drive J: | 39,07 Gb Total Space | 10,28 Gb Free Space | 26,31% Space Free | Partition Type: NTFS
Drive K: | 38,31 Gb Total Space | 6,90 Gb Free Space | 18,00% Space Free | Partition Type: NTFS
Drive Z: | 930,82 Gb Total Space | 811,03 Gb Free Space | 87,13% Space Free | Partition Type: NTFS
Computer Name: AMD64 | User Name: eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"16000:TCP" = 16000:TCP:*:Enabled:emule
"16001:UDP" = 16001:UDP:*:Enabled:emule
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"L:\httpd\httpd-x86-windows\apache.exe" = L:\httpd\httpd-x86-windows\apache.exe:127.0.0.1,LocalSubnet:Enabled:Apache web server
"L:\perl\win32\wperl.exe" = L:\perl\win32\wperl.exe:127.0.0.1,LocalSubnet:Enabled:Perl interpreter - part of Stunnix Web Server
"L:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe" = L:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe:127.0.0.1,LocalSubnet:Enabled:Mysql database server
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\Temp\NavBrowser.exe" = C:\WINDOWS\Temp\NavBrowser.exe:*:Disabled:NAVBrowser
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"I:\Cygwin\usr\X11R6\bin\XWin.exe" = I:\Cygwin\usr\X11R6\bin\XWin.exe:*:Enabled:XWin -- ()
"C:\Program Files\Anno 1701\Anno1701.exe" = C:\Program Files\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701 -- (Related Designs Software GmbH)
"Q:\adsltv\vlc.exe" = Q:\adsltv\vlc.exe:*:Enabled:VLC media player
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"I:\Kevin\warhammer\DOW2.exe" = I:\Kevin\warhammer\DOW2.exe:*:Enabled:DOW2 -- (THQ Canada Inc.)
"Q:\adsltv\adsltv.exe" = Q:\adsltv\adsltv.exe:*:Disabled:adsltv
"I:\WoW\World of Warcraft\Launcher.exe" = I:\WoW\World of Warcraft\Launcher.exe:*:Disabled:Blizzard Launcher -- (Blizzard Entertainment)
"I:\WoW\World of Warcraft\WoW-3.2.0-frFR-downloader.exe" = I:\WoW\World of Warcraft\WoW-3.2.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"L:\WD Discovery Software\WD Discovery.exe" = L:\WD Discovery Software\WD Discovery.exe:*:Enabled:WD Discovery Application
"C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe" = C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe:*:Enabled:WD Discovery Application -- ()
"C:\Program Files\StealthNet\stealthnet.exe" = C:\Program Files\StealthNet\stealthnet.exe:*:Enabled:StealthNet -- (The StealthNet Team)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"I:\Logiciels_installes\OneSwarm\OneSwarm.exe" = I:\Logiciels_installes\OneSwarm\OneSwarm.exe:*:Enabled:OneSwarm
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"I:\Cygwin\bin\rsync.exe" = I:\Cygwin\bin\rsync.exe:*:Enabled:rsync -- ()
"I:\Cygwin\bin\ftp.exe" = I:\Cygwin\bin\ftp.exe:*:Enabled:ftp -- ()
"I:\WoW\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe" = I:\WoW\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"L:\httpd\httpd-x86-windows\apache.exe" = L:\httpd\httpd-x86-windows\apache.exe:127.0.0.1,LocalSubnet:Enabled:Apache web server
"L:\perl\win32\wperl.exe" = L:\perl\win32\wperl.exe:127.0.0.1,LocalSubnet:Enabled:Perl interpreter - part of Stunnix Web Server
"L:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe" = L:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe:127.0.0.1,LocalSubnet:Enabled:Mysql database server
"C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{006E6A46-8D55-4F10-BBA8-2C9653B4278B}" = Software Update Helper
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.445
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B66765B-8596-4698-A208-E23D11D84AA7}" = Canon Camera WIA Driver
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = PhotoImpression 5
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{6901DD22-527A-41EF-9059-E81FEDE9E494}" = Windows Presentation Foundation Language Pack (FRA)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.1
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8DD0F820-3656-4AB3-A7F4-005CAA2D0897}_is1" = RDesc 2.33
"{9019040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97DF4674-AB43-11D5-91C9-005004F84FA1}" = Dialang V1 Beta
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5D4928E-6B88-40B2-A9BF-E0DD652B43B4}" = Boxore Client
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}" = ABBYY FineReader 6.0
"{B0900CB5-8EC0-43B4-9DAC-A32FE52DC864}" = e-Carte Bleue Banque Populaire
"{B168C59D-5FCF-4EEC-B464-BFA7A8266150}" = Windows Communication Foundation Language Pack - FRA
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B84C141C-9A13-44BE-9A69-301D7B11D836}" = Windows Workflow Foundation FR Language Pack
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}" = Microsoft .NET Framework 3.0 French Language Pack
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FFA98080-B0C6-11D5-91CB-005004F84FA1}" = Sun Java Runtime Environment and JMF
"3BEF1AFDE8303306594E2ADA27520E6E700820AE" = Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"40 polices pour l'école" = 40 polices pour l'école
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional - English, Français, Deutsch_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"CdaC13Ba" = Cda Product Service - shared component
"CLAVIERDESALPHAS" = CLAVIER DES ALPHAS
"CSCLIB" = Canon Camera Support Core Library
"Duplicate Cleaner" = Duplicate Cleaner 2.1b
"eMule" = eMule
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Guide d'utilisation" = Epson Stylus SX210_SX410_TX210_TX410 Manuel
"EPSON SX410 Series" = EPSON SX410 Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.3.4.1
"FindUtils-4.2.20-2_is1" = GnuWin32: FindUtils version 4.2.20-2
"Google Chrome" = Google Chrome
"Gow" = Gow
"Guild Wars" = GUILD WARS
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4B66765B-8596-4698-A208-E23D11D84AA7}" = Canon Camera WIA Driver 6.2.5
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.0 French Language Pack" = Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 13.0 (x86 fr)" = Mozilla Firefox 13.0 (x86 fr)
"Mozilla Thunderbird 10.0.1 (x86 fr)" = Mozilla Thunderbird 10.0.1 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PeerGuardian_is1" = PeerGuardian 2.0
"Perf2480P_2580P Guide de réf." = Perf2480P_2580P Guide de réf.
"Quick Zip_is1" = Quick Zip 4.60.019
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"StealthNet_is1" = StealthNet 0.8.7.8
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"winscp3_is1" = WinSCP 4.1.8
"World of Warcraft" = World of Warcraft
"wxPython2.8-unicode-py26_is1" = wxPython 2.8.10.1 (unicode) for Python 2.6
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 24/08/2008 15:51:50 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =
Error - 26/09/2008 15:02:26 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =
Error - 26/09/2008 15:02:51 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =
Error - 05/03/2009 13:15:40 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =
Error - 21/04/2009 11:18:19 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =
Error - 29/06/2009 11:38:43 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =
Error - 27/08/2009 19:13:48 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =
Error - 07/11/2009 11:44:08 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =
Error - 08/11/2009 10:45:06 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 29/02/2012 07:06:22 | Computer Name = AMD64 | Source = Application Hang | ID = 1002
Description = Application bloquée IDriver.exe, version 8.1.0.293, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 10/03/2012 13:54:33 | Computer Name = AMD64 | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 9.0.0.2823, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 12/03/2012 02:27:11 | Computer Name = AMD64 | Source = Application Hang | ID = 1002
Description = Application bloquée winamp.exe, version 5.5.4.2165, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 15/03/2012 12:34:26 | Computer Name = AMD64 | Source = Application Error | ID = 1000
Description = Application défaillante winword.exe, version 9.0.0.2823, module défaillant
winword.exe, version 9.0.0.2823, adresse de défaillance 0x0037e5cc.
Error - 15/03/2012 12:34:43 | Computer Name = AMD64 | Source = Application Error | ID = 1000
Description = Application défaillante winword.exe, version 9.0.0.2823, module défaillant
winword.exe, version 9.0.0.2823, adresse de défaillance 0x0037e5cc.
Error - 19/03/2012 14:54:07 | Computer Name = AMD64 | Source = Application Hang | ID = 1002
Description = Application bloquée QuickZip.exe, version 0.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.
Error - 01/04/2012 11:28:39 | Computer Name = AMD64 | Source = Application Hang | ID = 1002
Description = Application bloquée Unlocker.exe, version 0.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.
Error - 15/04/2012 05:53:45 | Computer Name = AMD64 | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.2.4448, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 04/06/2012 04:48:58 | Computer Name = AMD64 | Source = crypt32 | ID = 131083
Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
CAB de mise à jour automatique à :
avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
la vérification par rapport à l'horloge système en cours ou le tampon daté dans
le fichier signé.
Error - 04/06/2012 04:48:58 | Computer Name = AMD64 | Source = crypt32 | ID = 131083
Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
CAB de mise à jour automatique à :
avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
la vérification par rapport à l'horloge système en cours ou le tampon daté dans
le fichier signé.
[ System Events ]
Error - 11/06/2012 10:30:06 | Computer Name = AMD64 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Aavmker4 aswSnx aswSP aswTdi Fips Processor
Error - 11/06/2012 10:33:57 | Computer Name = AMD64 | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
Apple Mobile Device.
Error - 11/06/2012 10:33:57 | Computer Name = AMD64 | Source = Service Control Manager | ID = 7000
Description = Le service Apple Mobile Device n'a pas pu démarrer en raison de l'erreur :
%%1053
Error - 11/06/2012 10:33:57 | Computer Name = AMD64 | Source = Service Control Manager | ID = 7000
Description = Le service NetGroup Packet Filter Driver n'a pas pu démarrer en raison
de l'erreur : %%2
Error - 11/06/2012 10:48:42 | Computer Name = AMD64 | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé.
La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.
Error - 11/06/2012 10:48:42 | Computer Name = AMD64 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC. Message
d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.
Error - 11/06/2012 10:48:42 | Computer Name = AMD64 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
Message
d'erreur de référence : Opération réussie. .
Error - 11/06/2012 10:48:42 | Computer Name = AMD64 | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé.
La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.
Error - 11/06/2012 10:48:42 | Computer Name = AMD64 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC. Message
d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.
Error - 11/06/2012 10:48:42 | Computer Name = AMD64 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
Message
d'erreur de référence : Opération réussie. .
< End of report >
= = = = =
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-11 17:38:57
-----------------------------
17:38:57.921 OS Version: Windows 5.1.2600 Service Pack 3
17:38:57.921 Number of processors: 2 586 0x6B02
17:38:57.921 ComputerName: AMD64 UserName: eric
17:38:59.234 Initialize success
17:39:02.921 AVAST engine defs: 12061100
17:39:32.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:39:32.781 Disk 0 Vendor: Hitachi_HDP725032GLA360 GM3OA52A Size: 305245MB BusType: 3
17:39:32.781 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-1c
17:39:32.781 Disk 1 Vendor: IC35L120AVV207-0 V24OA63A Size: 117800MB BusType: 3
17:39:32.796 Disk 0 MBR read successfully
17:39:32.796 Disk 0 MBR scan
17:39:32.796 Disk 0 unknown MBR code
17:39:32.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 120001 MB offset 63
17:39:32.828 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 149997 MB offset 245762370
17:39:32.843 Disk 0 Partition 3 00 83 Linux 35244 MB offset 552957300
17:39:32.843 Disk 0 scanning sectors +625137345
17:39:32.953 Disk 0 scanning C:\WINDOWS\system32\drivers
17:39:43.421 Service scanning
17:39:56.000 Modules scanning
17:40:00.906 Disk 0 trace - called modules:
17:40:00.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:40:00.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a735ab8]
17:40:00.906 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8a70bf18]
17:40:00.906 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a70ad98]
17:40:01.468 AVAST engine scan C:\WINDOWS
17:40:10.015 AVAST engine scan C:\WINDOWS\system32
17:41:59.046 AVAST engine scan C:\WINDOWS\system32\drivers
17:42:11.468 AVAST engine scan C:\Documents and Settings\eric
17:44:08.953 Disk 0 MBR has been saved successfully to "I:\Téléchargement_Firefox\MBR.dat"
17:44:08.968 The log file has been saved successfully to "I:\Téléchargement_Firefox\aswMBR.txt"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"16000:TCP" = 16000:TCP:*:Enabled:emule
"16001:UDP" = 16001:UDP:*:Enabled:emule
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"L:\httpd\httpd-x86-windows\apache.exe" = L:\httpd\httpd-x86-windows\apache.exe:127.0.0.1,LocalSubnet:Enabled:Apache web server
"L:\perl\win32\wperl.exe" = L:\perl\win32\wperl.exe:127.0.0.1,LocalSubnet:Enabled:Perl interpreter - part of Stunnix Web Server
"L:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe" = L:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe:127.0.0.1,LocalSubnet:Enabled:Mysql database server
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\Temp\NavBrowser.exe" = C:\WINDOWS\Temp\NavBrowser.exe:*:Disabled:NAVBrowser
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"I:\Cygwin\usr\X11R6\bin\XWin.exe" = I:\Cygwin\usr\X11R6\bin\XWin.exe:*:Enabled:XWin -- ()
"C:\Program Files\Anno 1701\Anno1701.exe" = C:\Program Files\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701 -- (Related Designs Software GmbH)
"Q:\adsltv\vlc.exe" = Q:\adsltv\vlc.exe:*:Enabled:VLC media player
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"I:\Kevin\warhammer\DOW2.exe" = I:\Kevin\warhammer\DOW2.exe:*:Enabled:DOW2 -- (THQ Canada Inc.)
"Q:\adsltv\adsltv.exe" = Q:\adsltv\adsltv.exe:*:Disabled:adsltv
"I:\WoW\World of Warcraft\Launcher.exe" = I:\WoW\World of Warcraft\Launcher.exe:*:Disabled:Blizzard Launcher -- (Blizzard Entertainment)
"I:\WoW\World of Warcraft\WoW-3.2.0-frFR-downloader.exe" = I:\WoW\World of Warcraft\WoW-3.2.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"L:\WD Discovery Software\WD Discovery.exe" = L:\WD Discovery Software\WD Discovery.exe:*:Enabled:WD Discovery Application
"C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe" = C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe:*:Enabled:WD Discovery Application -- ()
"C:\Program Files\StealthNet\stealthnet.exe" = C:\Program Files\StealthNet\stealthnet.exe:*:Enabled:StealthNet -- (The StealthNet Team)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"I:\Logiciels_installes\OneSwarm\OneSwarm.exe" = I:\Logiciels_installes\OneSwarm\OneSwarm.exe:*:Enabled:OneSwarm
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"I:\Cygwin\bin\rsync.exe" = I:\Cygwin\bin\rsync.exe:*:Enabled:rsync -- ()
"I:\Cygwin\bin\ftp.exe" = I:\Cygwin\bin\ftp.exe:*:Enabled:ftp -- ()
"I:\WoW\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe" = I:\WoW\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"L:\httpd\httpd-x86-windows\apache.exe" = L:\httpd\httpd-x86-windows\apache.exe:127.0.0.1,LocalSubnet:Enabled:Apache web server
"L:\perl\win32\wperl.exe" = L:\perl\win32\wperl.exe:127.0.0.1,LocalSubnet:Enabled:Perl interpreter - part of Stunnix Web Server
"L:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe" = L:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe:127.0.0.1,LocalSubnet:Enabled:Mysql database server
"C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{006E6A46-8D55-4F10-BBA8-2C9653B4278B}" = Software Update Helper
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.445
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B66765B-8596-4698-A208-E23D11D84AA7}" = Canon Camera WIA Driver
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = PhotoImpression 5
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{6901DD22-527A-41EF-9059-E81FEDE9E494}" = Windows Presentation Foundation Language Pack (FRA)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.1
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8DD0F820-3656-4AB3-A7F4-005CAA2D0897}_is1" = RDesc 2.33
"{9019040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97DF4674-AB43-11D5-91C9-005004F84FA1}" = Dialang V1 Beta
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5D4928E-6B88-40B2-A9BF-E0DD652B43B4}" = Boxore Client
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}" = ABBYY FineReader 6.0
"{B0900CB5-8EC0-43B4-9DAC-A32FE52DC864}" = e-Carte Bleue Banque Populaire
"{B168C59D-5FCF-4EEC-B464-BFA7A8266150}" = Windows Communication Foundation Language Pack - FRA
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B84C141C-9A13-44BE-9A69-301D7B11D836}" = Windows Workflow Foundation FR Language Pack
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}" = Microsoft .NET Framework 3.0 French Language Pack
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FFA98080-B0C6-11D5-91CB-005004F84FA1}" = Sun Java Runtime Environment and JMF
"3BEF1AFDE8303306594E2ADA27520E6E700820AE" = Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"40 polices pour l'école" = 40 polices pour l'école
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional - English, Français, Deutsch_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"CdaC13Ba" = Cda Product Service - shared component
"CLAVIERDESALPHAS" = CLAVIER DES ALPHAS
"CSCLIB" = Canon Camera Support Core Library
"Duplicate Cleaner" = Duplicate Cleaner 2.1b
"eMule" = eMule
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Guide d'utilisation" = Epson Stylus SX210_SX410_TX210_TX410 Manuel
"EPSON SX410 Series" = EPSON SX410 Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.3.4.1
"FindUtils-4.2.20-2_is1" = GnuWin32: FindUtils version 4.2.20-2
"Google Chrome" = Google Chrome
"Gow" = Gow
"Guild Wars" = GUILD WARS
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4B66765B-8596-4698-A208-E23D11D84AA7}" = Canon Camera WIA Driver 6.2.5
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.0 French Language Pack" = Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 13.0 (x86 fr)" = Mozilla Firefox 13.0 (x86 fr)
"Mozilla Thunderbird 10.0.1 (x86 fr)" = Mozilla Thunderbird 10.0.1 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PeerGuardian_is1" = PeerGuardian 2.0
"Perf2480P_2580P Guide de réf." = Perf2480P_2580P Guide de réf.
"Quick Zip_is1" = Quick Zip 4.60.019
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"StealthNet_is1" = StealthNet 0.8.7.8
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"winscp3_is1" = WinSCP 4.1.8
"World of Warcraft" = World of Warcraft
"wxPython2.8-unicode-py26_is1" = wxPython 2.8.10.1 (unicode) for Python 2.6
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 24/08/2008 15:51:50 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =
Error - 26/09/2008 15:02:26 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =
Error - 26/09/2008 15:02:51 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =
Error - 05/03/2009 13:15:40 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =
Error - 21/04/2009 11:18:19 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =
Error - 29/06/2009 11:38:43 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =
Error - 27/08/2009 19:13:48 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =
Error - 07/11/2009 11:44:08 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =
Error - 08/11/2009 10:45:06 | Computer Name = AMD64 | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 29/02/2012 07:06:22 | Computer Name = AMD64 | Source = Application Hang | ID = 1002
Description = Application bloquée IDriver.exe, version 8.1.0.293, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 10/03/2012 13:54:33 | Computer Name = AMD64 | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 9.0.0.2823, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 12/03/2012 02:27:11 | Computer Name = AMD64 | Source = Application Hang | ID = 1002
Description = Application bloquée winamp.exe, version 5.5.4.2165, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 15/03/2012 12:34:26 | Computer Name = AMD64 | Source = Application Error | ID = 1000
Description = Application défaillante winword.exe, version 9.0.0.2823, module défaillant
winword.exe, version 9.0.0.2823, adresse de défaillance 0x0037e5cc.
Error - 15/03/2012 12:34:43 | Computer Name = AMD64 | Source = Application Error | ID = 1000
Description = Application défaillante winword.exe, version 9.0.0.2823, module défaillant
winword.exe, version 9.0.0.2823, adresse de défaillance 0x0037e5cc.
Error - 19/03/2012 14:54:07 | Computer Name = AMD64 | Source = Application Hang | ID = 1002
Description = Application bloquée QuickZip.exe, version 0.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.
Error - 01/04/2012 11:28:39 | Computer Name = AMD64 | Source = Application Hang | ID = 1002
Description = Application bloquée Unlocker.exe, version 0.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.
Error - 15/04/2012 05:53:45 | Computer Name = AMD64 | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.2.4448, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 04/06/2012 04:48:58 | Computer Name = AMD64 | Source = crypt32 | ID = 131083
Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
CAB de mise à jour automatique à :
avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
la vérification par rapport à l'horloge système en cours ou le tampon daté dans
le fichier signé.
Error - 04/06/2012 04:48:58 | Computer Name = AMD64 | Source = crypt32 | ID = 131083
Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
CAB de mise à jour automatique à :
avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
la vérification par rapport à l'horloge système en cours ou le tampon daté dans
le fichier signé.
[ System Events ]
Error - 11/06/2012 10:30:06 | Computer Name = AMD64 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Aavmker4 aswSnx aswSP aswTdi Fips Processor
Error - 11/06/2012 10:33:57 | Computer Name = AMD64 | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
Apple Mobile Device.
Error - 11/06/2012 10:33:57 | Computer Name = AMD64 | Source = Service Control Manager | ID = 7000
Description = Le service Apple Mobile Device n'a pas pu démarrer en raison de l'erreur :
%%1053
Error - 11/06/2012 10:33:57 | Computer Name = AMD64 | Source = Service Control Manager | ID = 7000
Description = Le service NetGroup Packet Filter Driver n'a pas pu démarrer en raison
de l'erreur : %%2
Error - 11/06/2012 10:48:42 | Computer Name = AMD64 | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé.
La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.
Error - 11/06/2012 10:48:42 | Computer Name = AMD64 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC. Message
d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.
Error - 11/06/2012 10:48:42 | Computer Name = AMD64 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
Message
d'erreur de référence : Opération réussie. .
Error - 11/06/2012 10:48:42 | Computer Name = AMD64 | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé.
La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.
Error - 11/06/2012 10:48:42 | Computer Name = AMD64 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC. Message
d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.
Error - 11/06/2012 10:48:42 | Computer Name = AMD64 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
Message
d'erreur de référence : Opération réussie. .
< End of report >
= = = = =
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-11 17:38:57
-----------------------------
17:38:57.921 OS Version: Windows 5.1.2600 Service Pack 3
17:38:57.921 Number of processors: 2 586 0x6B02
17:38:57.921 ComputerName: AMD64 UserName: eric
17:38:59.234 Initialize success
17:39:02.921 AVAST engine defs: 12061100
17:39:32.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:39:32.781 Disk 0 Vendor: Hitachi_HDP725032GLA360 GM3OA52A Size: 305245MB BusType: 3
17:39:32.781 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-1c
17:39:32.781 Disk 1 Vendor: IC35L120AVV207-0 V24OA63A Size: 117800MB BusType: 3
17:39:32.796 Disk 0 MBR read successfully
17:39:32.796 Disk 0 MBR scan
17:39:32.796 Disk 0 unknown MBR code
17:39:32.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 120001 MB offset 63
17:39:32.828 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 149997 MB offset 245762370
17:39:32.843 Disk 0 Partition 3 00 83 Linux 35244 MB offset 552957300
17:39:32.843 Disk 0 scanning sectors +625137345
17:39:32.953 Disk 0 scanning C:\WINDOWS\system32\drivers
17:39:43.421 Service scanning
17:39:56.000 Modules scanning
17:40:00.906 Disk 0 trace - called modules:
17:40:00.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:40:00.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a735ab8]
17:40:00.906 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8a70bf18]
17:40:00.906 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a70ad98]
17:40:01.468 AVAST engine scan C:\WINDOWS
17:40:10.015 AVAST engine scan C:\WINDOWS\system32
17:41:59.046 AVAST engine scan C:\WINDOWS\system32\drivers
17:42:11.468 AVAST engine scan C:\Documents and Settings\eric
17:44:08.953 Disk 0 MBR has been saved successfully to "I:\Téléchargement_Firefox\MBR.dat"
17:44:08.968 The log file has been saved successfully to "I:\Téléchargement_Firefox\aswMBR.txt"