Please: request for analysis of a HijackThis report

Post by Narbonne » 08 Nov 2008, 12:05

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:45:11, on 2008-11-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
e:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
E:\Program Files\Intel\IDU\awServ.exe
E:\WINDOWS\system32\cisvc.exe
E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
E:\WINDOWS\system32\E_S00RP1.EXE
E:\Program Files\MagicTune Premium\MagicTuneEngine.exe
E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\CyberLink\Shared Files\RichVideo.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
E:\WINDOWS\system32\SAgent4.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
E:\Program Files\Intel\IDU\iptray.exe
E:\Program Files\MagicTune Premium\MagicTune.exe
E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
\?\E:\WINDOWS\system32\WBEM\WMIADAP.EXE
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jeu-gratuit-online.net/the-space ... /index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: E:\WINDOWS\system32\jsne87fidgf.dll - {c5bf49a2-94f3-42bd-f434-3604812c897d} - E:\WINDOWS\system32\jsne87fidgf.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - E:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IntelAudioStudio] "E:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [ipTray.exe] "E:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [HijackThis startup scan] E:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.localhost
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - E:\WINDOWS\system32\jsne87fidgf.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (antivirscheduler) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (antivirservice) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - E:\Program Files\Intel\IDU\awServ.exe
O23 - Service: Diskeeper - Diskeeper® Corporation - E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - E:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - e:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MagicTuneEngine - Unknown owner - E:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: MSCSPTISRV - Sony Corporation - E:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - E:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - E:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - E:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - E:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - E:\WINDOWS\system32\SAgent4.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7474 bytes
Narbonne
 
Posts: 8
Joined: 06 Mar 2008, 08:27

Post by Narbonne » 08 Nov 2008, 12:09

Hi,
I'm on Windows XP SP2. I mostly use Mozilla Firefox 3.0 and rarely IE, but also "Avant Browser". I installed a new antivirus, AntiVir, because AVG had been expired for 1 week. Some 50+ viruses were identified (!!!), so I'm posting the AntiVir report log here.

Thanks in advance for your help!!

Post by Narbonne » 08 Nov 2008, 12:10

Avira AntiVir Personal
Report file date: 7 novembre 2008 23:18

Scanning for 1019829 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: LIBRE

Version information:
BUILD.DAT : 8.2.0.334 16933 Bytes 2008-10-16 14:55:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 2008-06-26 15:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 14:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 19:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 14:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 04:17:03
ANTIVIR1.VDF : 7.1.0.21 130560 Bytes 2008-10-31 04:17:04
ANTIVIR2.VDF : 7.1.0.44 139264 Bytes 2008-11-06 04:17:05
ANTIVIR3.VDF : 7.1.0.55 139776 Bytes 2008-11-07 04:17:06
Engineversion : 8.2.0.29
AEVDF.DLL : 8.1.0.6 102772 Bytes 2008-11-08 04:17:21
AESCRIPT.DLL : 8.1.1.13 332156 Bytes 2008-11-08 04:17:20
AESCN.DLL : 8.1.1.5 123251 Bytes 2008-11-08 04:17:19
AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-08 04:17:19
AEPACK.DLL : 8.1.3.3 393591 Bytes 2008-11-08 04:17:17
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 2008-11-08 04:17:16
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 2008-11-08 04:17:15
AEHELP.DLL : 8.1.1.3 119157 Bytes 2008-11-08 04:17:11
AEGEN.DLL : 8.1.1.0 319859 Bytes 2008-11-08 04:17:11
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-11-08 04:17:09
AECORE.DLL : 8.1.4.1 172405 Bytes 2008-11-08 04:17:08
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-11-08 04:17:07
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 15:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 16:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-11-08 04:17:06
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 18:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 15:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 19:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-23 00:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 19:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 19:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 20:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 20:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: e:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, E:, Z:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 7 novembre 2008 23:18

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'nmsrvc.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SAgent4.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'MagicTuneEngine.exe' - '1' Module(s) have been scanned
Scan process 'E_S00RP1.EXE' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'cisvc.exe' - '1' Module(s) have been scanned
Scan process 'awServ.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'Z:\'
[INFO] No virus was found!

Starting to scan the registry.
E:\WINDOWS\system32\crypts.dll
[DETECTION] Is the TR/Downloader.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '4bd43982.qua'!
E:\WINDOWS\system32\qoMcbaWQ.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '4b383985.qua'!

The registry was scanned ( '56' files ).


Starting the file scan:

Begin scan in 'C:\' <Principale>
C:\admwxe.exe
[DETECTION] Is the TR/Tiny.705 Trojan
[NOTE] The file was moved to '498213cc.qua'!
C:\efoycesr.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '498413d4.qua'!
C:\jdgqvv.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '497c13d7.qua'!
C:\myswfvrf.exe
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The file was moved to '498813f2.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\ubspwss.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498813df.qua'!
C:\ufoakx.exe
[DETECTION] Is the TR/Tiny.705 Trojan
[NOTE] The file was moved to '498413e5.qua'!
C:\yxygu.exe
[DETECTION] Is the TR/Tiny.705 Trojan
[NOTE] The file was moved to '498e13f9.qua'!
C:\jeux\ThriXXX\3D SexVilla\Binaries\fc3DSexVillaRun.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '494829ec.qua'!
C:\jeux\ThriXXX\3D SexVilla\Binaries\ThriXXX010267FG.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498729f2.qua'!
C:\Program Files\Elektrogames\Building&Co\BuildingAndCo.bak
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '497e2c42.qua'!
C:\Program Files\Elektrogames\Building&Co\BuildingAndCo.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '497e2c43.qua'!
C:\Program Files\EnsignGames\DreamStripper Game\Dream_Crack By Dj Nilo.exe
[0] Archive type: RAR SFX (self extracting)
--> DreamStripper-Start.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '497a2c7e.qua'!
C:\System Volume Information\_restore{9B104D45-3CB8-41C4-88E6-43F3BE780DA7}\RP408\A0089032.exe
[DETECTION] Is the TR/Tiny.705 Trojan
[NOTE] The file was moved to '49452e0c.qua'!
C:\System Volume Information\_restore{9B104D45-3CB8-41C4-88E6-43F3BE780DA7}\RP408\A0089033.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '48d04205.qua'!
C:\System Volume Information\_restore{9B104D45-3CB8-41C4-88E6-43F3BE780DA7}\RP408\A0089034.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49452e0d.qua'!
C:\System Volume Information\_restore{9B104D45-3CB8-41C4-88E6-43F3BE780DA7}\RP408\A0089035.exe
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The file was moved to '48d04206.qua'!
C:\System Volume Information\_restore{9B104D45-3CB8-41C4-88E6-43F3BE780DA7}\RP408\A0089036.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49452e0e.qua'!
C:\System Volume Information\_restore{9B104D45-3CB8-41C4-88E6-43F3BE780DA7}\RP408\A0089037.exe
[DETECTION] Is the TR/Tiny.705 Trojan
[NOTE] The file was moved to '48d04207.qua'!
C:\System Volume Information\_restore{9B104D45-3CB8-41C4-88E6-43F3BE780DA7}\RP408\A0089038.exe
[DETECTION] Is the TR/Tiny.705 Trojan
[NOTE] The file was moved to '49452e00.qua'!
C:\System Volume Information\_restore{9B104D45-3CB8-41C4-88E6-43F3BE780DA7}\RP408\A0089041.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '49452e0f.qua'!
C:\System Volume Information\_restore{9B104D45-3CB8-41C4-88E6-43F3BE780DA7}\RP408\A0089042.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48d04218.qua'!
C:\System Volume Information\_restore{9B104D45-3CB8-41C4-88E6-43F3BE780DA7}\RP408\A0089043.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49452e10.qua'!
C:\System Volume Information\_restore{9B104D45-3CB8-41C4-88E6-43F3BE780DA7}\RP408\A0089044.exe
[0] Archive type: RAR SFX (self extracting)
--> DreamStripper-Start.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '49452e12.qua'!
C:\z\933e06e308a3e6a0eb892f7f09a5669aff.zip
[0] Archive type: ZIP
--> Pure.Networks.Network.Magic.Premium.Edition.v4.1.7082.0.WinXPVista.Retail-ARN/file_id.diz
[DETECTION] Is the TR/Agent.Dmp.7098 Trojan
[NOTE] The file was moved to '49482e24.qua'!
C:\z\Nouveau dossier\building\BuildingAndCo.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '497e2ef1.qua'!
C:\z\Nouveau dossier\building\Crack\BuildingAndCo.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '497e2f34.qua'!
C:\z\Nouveau dossier\dossiers\Nouveau dossier\Acoustica.Mixcraft.2.5-KeyGen_CiM\KEYGEN.EXE
[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
[NOTE] The file was moved to '496e2f57.qua'!
Begin scan in 'E:\' <Windows>
E:\ARK27.tmp
[DETECTION] Is the TR/Downloader.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '4b025d4e.qua'!
E:\ARK28.tmp
[DETECTION] Is the TR/Vundo.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '4b025d4f.qua'!
E:\Documents and Settings\Marc\Local Settings\Temp\869F.tmp
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '494e3174.qua'!
E:\Documents and Settings\Marc\Local Settings\Temp\csrssc.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498731b2.qua'!
E:\Documents and Settings\Marc\Local Settings\Temporary Internet Files\Content.IE5\8LDFAVHT\wssl657[1].exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '498831d6.qua'!
E:\Program Files\Pure Networks\Network Magic\file_id.diz
[DETECTION] Is the TR/Agent.Dmp.7098 Trojan
[NOTE] The file was moved to '49813737.qua'!
E:\WINDOWS\system32\fccdeecC.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49783985.qua'!
E:\WINDOWS\system32\khfGwTjk.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '497b3997.qua'!
E:\WINDOWS\system32\qoMfdaXR.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '496239b2.qua'!
E:\WINDOWS\system32\rqRLefDU.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '496739b6.qua'!
E:\WINDOWS\system32\wvUMgeCT.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '496a39ca.qua'!
E:\WINDOWS\system32\drivers\582b492.sys
[WARNING] The file could not be opened!
E:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
E:\WINDOWS\Temp\2144793996.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49493a13.qua'!
E:\WINDOWS\Temp\2193543996.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '494e3a14.qua'!
E:\WINDOWS\Temp\232795450.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49473a16.qua'!
E:\WINDOWS\Temp\2796668996.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '494e3a1a.qua'!
E:\WINDOWS\Temp\2814012746.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49463a1c.qua'!
E:\WINDOWS\Temp\2823042542.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49473a1c.qua'!
E:\WINDOWS\Temp\3477.tmp
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '494c3a19.qua'!
E:\WINDOWS\Temp\3716323792.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '483b8215.qua'!
E:\WINDOWS\Temp\38A7.tmp
[DETECTION] Is the TR/Downloader.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '49563a1e.qua'!
E:\WINDOWS\Temp\3E8A.tmp
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '494d3a2b.qua'!
E:\WINDOWS\Temp\csrssc.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49873a5b.qua'!
Begin scan in 'Z:\' <Zed>
Z:\Pure.Networks.Network.Magic.Premium.Edition.v4.1.7082.0.WinXPVista.Retail-ARN\file_id.diz
[DETECTION] Is the TR/Agent.Dmp.7098 Trojan
[NOTE] The file was moved to '498142d5.qua'!
Z:\rockmanifeste\Nouveau dossier\Nouveau dossier\Acoustica.Mixcraft.2.5-KeyGen_CiM.rar
[0] Archive type: RAR
--> KEYGEN.EXE
[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
[NOTE] The file was moved to '498443a7.qua'!


End of the scan: 8 novembre 2008 02:44
Used time: 3:25:35 Hour(s)

The scan has been done completely.

26545 Scanning directories
994232 Files were scanned
51 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
53 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
994176 Files not concerned
5948 Archives were scanned
10 Warnings
53 Notes

Post by nickW » 08 Nov 2008, 12:30

Hello,

How many hours am I going to spend cleaning this PC whose owner uses this kind of thing:

Dream_Crack By Dj Nilo.exe
Acoustica.Mixcraft.2.5-KeyGen_CiM
Pure.Networks.Network.Magic.Premium.Edition.v4.1.7082.0.WinXPVista.Retail-ARN



Creating two detailed logs:

Note: These steps must be carried out while logged in to a session with "Administrator rights" (do not use the user profile named "Administrator" that is visible in safe mode).
On Windows XP, to check whether an account has "Administrator" rights:
Start---->Settings---->Control Panel---->User Accounts
Next to the icon representing certain accounts (other than the one named "Administrator"), it says "Computer administrator".
One of these accounts is the one to use.


Step 1: OTListIt (by OldTimer), download
Download OTListIt.exe from http://oldtimer.geekstogo.com/OTListIt.exe
Save this file to the Desktop.


Step 2: OTListIt (by OldTimer)
Close all open program windows.
Double-click OTListIt.exe to launch the tool.
Tick the box in front of Scan All Users.
Click the Run Scan button and let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing one of the two reports.
Close Notepad.
The second report is visible in the taskbar. Close it as well.
Close the OTListIt window.


Step 3: Results
Post in reply, in two separate messages (because of the length of the logs):
*- the two OTListIt reports (contents of the files OTListIt.txt and Extras.txt located on the Desktop).

Important note: To send your reply(ies), do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by Narbonne » 08 Nov 2008, 12:41

OTListIt logfile created on: 2008-11-08 06:39:04 - Run
OTListIt by OldTimer - Version 1.0.12.0 Folder = E:\Documents and Settings\Marc\Local Settings\Temporary Internet Files\Content.IE5\8LDFAVHT
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

1,98 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 67,12% Memory free
3,82 Gb Paging File | 3,27 Gb Available in Paging File | 85,72% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 195,31 Gb Total Space | 50,10 Gb Free Space | 25,65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 29,81 Gb Total Space | 8,46 Gb Free Space | 28,40% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 72,96 Gb Total Space | 18,24 Gb Free Space | 25,00% Space Free | Partition Type: NTFS

Computer Name: LIBRE
Current User Name: Marc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008-08-08 15:36:14 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- E:\WINDOWS\system32\ati2evxx.exe
[2008-08-08 15:36:14 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- E:\WINDOWS\system32\ati2evxx.exe
[2006-06-26 09:33:42 | 00,099,888 | ---- | M] (Logitech Inc.) -- e:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
[2008-11-07 23:15:51 | 00,068,865 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008-11-07 23:15:49 | 00,151,297 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2006-12-27 17:11:56 | 00,074,520 | ---- | M] (OSA Technologies Inc., An Avocent Company) -- E:\Program Files\Intel\IDU\awServ.exe
[2006-03-09 09:30:34 | 00,630,905 | ---- | M] (Diskeeper® Corporation) -- E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
[2004-02-18 20:03:00 | 00,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\E_S00RP1.EXE
[2007-08-23 14:05:18 | 00,045,056 | ---- | M] () -- E:\Program Files\MagicTune Premium\MagicTuneEngine.exe
[2003-06-19 17:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
[2005-10-06 10:15:32 | 00,167,936 | ---- | M] () -- E:\Program Files\CyberLink\Shared Files\RichVideo.exe
[2007-05-28 11:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
[2004-04-29 20:07:00 | 00,122,880 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\SAgent4.exe
[2005-01-28 07:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\wdfmgr.exe
[2008-05-16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- E:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe
[2005-08-12 08:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- E:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2007-10-23 04:37:28 | 09,146,368 | ---- | M] (Intel Corporation) -- E:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
[2006-12-28 17:07:20 | 02,242,328 | ---- | M] (OSA Technologies Inc., An Avocent Company) -- E:\Program Files\Intel\IDU\iptray.exe
[2007-12-03 16:17:28 | 02,473,984 | ---- | M] (SEC) -- E:\Program Files\MagicTune Premium\MagicTune.exe
[2007-03-28 00:07:42 | 00,593,920 | R--- | M] () -- E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[2008-06-10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008-08-20 04:53:25 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[2008-06-12 14:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2007-10-18 05:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2005-08-12 08:43:58 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- E:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2006-03-02 07:00:00 | 00,070,656 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\notepad.exe
[2008-06-23 04:21:49 | 00,625,664 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Internet Explorer\iexplore.exe
[2007-10-18 05:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Live\Messenger\usnsvc.exe
[2008-11-08 06:38:07 | 00,418,304 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Marc\Local Settings\Temporary Internet Files\Content.IE5\8LDFAVHT\OTListIt[1].exe

========== (O23) Win32 Services ==========

[2008-11-07 23:15:51 | 00,068,865 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (antivirscheduler [Auto | Running])
[2008-11-07 23:15:49 | 00,151,297 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (antivirservice [Auto | Running])
[2007-10-23 19:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008-08-08 15:36:14 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- E:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2006-12-20 15:05:00 | 00,520,192 | ---- | M] () -- E:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2006-12-27 17:11:56 | 00,074,520 | ---- | M] (OSA Technologies Inc., An Avocent Company) -- E:\Program Files\Intel\IDU\awServ.exe -- (AWService [Auto | Running])
File not found -- -- (Bonjour Service [Disabled | Stopped])
[2007-10-23 19:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006-03-09 09:30:34 | 00,630,905 | ---- | M] (Diskeeper® Corporation) -- E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
[2004-02-18 20:03:00 | 00,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\E_S00RP1.EXE -- (EPSON_PM_RPCV2_01 [Auto | Running])
[2007-11-11 20:18:50 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- E:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2007-10-09 06:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2005-11-14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- E:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007-10-11 03:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2006-06-26 09:33:42 | 00,099,888 | ---- | M] (Logitech Inc.) -- e:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
[2006-06-26 09:33:56 | 00,091,696 | ---- | M] (Logitech Inc.) -- E:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Disabled | Stopped])
[2007-08-23 14:05:18 | 00,045,056 | ---- | M] () -- E:\Program Files\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine [Auto | Running])
[2003-06-19 17:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2005-11-24 11:03:22 | 00,053,337 | ---- | M] (Sony Corporation) -- E:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
[2006-10-09 16:11:08 | 00,724,992 | ---- | M] (Nero AG) -- E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [Disabled | Stopped])
[2007-10-11 03:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008-05-21 16:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- E:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [On_Demand | Stopped])
[2008-05-16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- E:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
[2007-08-24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006-10-26 08:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005-11-24 10:57:44 | 00,053,337 | ---- | M] (Sony Corporation) -- E:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
[2005-10-06 10:15:32 | 00,167,936 | ---- | M] () -- E:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
[2005-11-24 10:47:30 | 00,069,718 | ---- | M] (Sony Corporation) -- E:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
File not found -- -- (StarWindService [Auto | Stopped])
[2007-05-28 11:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
[2004-04-29 20:07:00 | 00,122,880 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\SAgent4.exe -- (StatusAgent4 [Auto | Running])
[2005-01-28 07:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007-10-18 05:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2007-12-13 13:27:10 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- E:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [On_Demand | Stopped])

========== Driver Services ==========

[2005-02-16 03:06:18 | 00,018,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- E:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50 [On_Demand | Stopped])
[2008-08-08 16:30:42 | 03,266,560 | ---- | M] (ATI Technologies Inc.) -- E:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008-09-27 17:11:30 | 00,278,984 | ---- | M] () -- E:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt [Auto | Running])
[2007-02-27 15:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008-05-20 16:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008-06-27 15:03:55 | 00,075,072 | ---- | M] (Avira GmbH) -- E:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2001-08-17 19:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- E:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk [On_Demand | Stopped])
[2006-06-05 08:49:08 | 00,230,400 | R--- | M] (Intel Corporation) -- E:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2005-10-20 09:30:00 | 00,011,264 | R--- | M] (ASUSTeK Computer Inc.) -- E:\WINDOWS\system32\drivers\EIO.sys -- (EIO [Auto | Running])
[2007-08-07 14:48:33 | 00,025,160 | ---- | M] (Elaborate Bytes AG) -- E:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
[2007-02-15 19:56:49 | 00,011,984 | ---- | M] (Elaborate Bytes AG) -- E:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
[2001-08-17 19:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- E:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Stopped])
[2001-08-17 19:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- E:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Stopped])
[2001-08-17 19:19:34 | 00,040,704 | ---- | M] (Creative Technology Ltd.) -- E:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371 [On_Demand | Stopped])
[2008-04-25 23:25:25 | 00,094,208 | ---- | M] (VSO Software) -- E:\WINDOWS\system32\drivers\ezplay.sys -- (ezplay [On_Demand | Stopped])
[2004-08-03 22:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Stopped])
[2007-11-26 23:57:23 | 00,005,248 | ---- | M] () -- E:\WINDOWS\system32\giveio.sys -- (giveio [On_Demand | Stopped])
[2005-03-02 11:44:00 | 00,465,988 | ---- | M] (Hauppauge Computer Works) -- E:\WINDOWS\system32\drivers\HCWBT8xx.sys -- (HCWBT8XX [On_Demand | Running])
[2005-01-07 11:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- E:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2007-07-09 09:40:20 | 00,044,416 | ---- | M] (Intel Corporation) -- E:\WINDOWS\system32\drivers\HECI.sys -- (HECI [On_Demand | Running])
[2007-12-19 10:32:12 | 05,854,688 | ---- | M] (Intel Corporation) -- E:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm [On_Demand | Stopped])
[2004-08-19 15:00:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2007-07-19 09:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- E:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2007-02-04 07:01:25 | 00,018,048 | ---- | M] () -- E:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])
[2006-06-26 09:33:28 | 01,587,632 | ---- | M] (Logitech Inc.) -- E:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap [On_Demand | Stopped])
[2006-06-26 09:33:36 | 01,952,816 | ---- | M] (Logitech Inc.) -- E:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv [On_Demand | Stopped])
[2006-06-26 09:33:40 | 00,023,472 | ---- | M] () -- E:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
[2006-06-22 17:29:46 | 00,038,960 | R--- | M] (Logitech Inc.) -- E:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
[2007-11-29 11:46:08 | 00,013,184 | ---- | M] (Samsung Electronics, Inc. ) -- E:\WINDOWS\system32\drivers\MTiCtwl.sys -- (MagicTune [On_Demand | Stopped])
[2004-04-10 02:42:36 | 00,002,944 | ---- | M] (cansoft@livewiredev.com) -- E:\WINDOWS\system32\mbmiodrvr.sys -- (mbmiodrvr [System | Running])
[2004-03-30 05:29:36 | 00,118,106 | ---- | M] (Mars Semiconductor Corp.) -- E:\WINDOWS\system32\drivers\mr97310v.sys -- (MR97310_VGA_DUAL_CAMERA [On_Demand | Stopped])
[2007-11-29 11:46:08 | 00,013,184 | ---- | M] (Samsung Electronics, Inc. ) -- E:\WINDOWS\system32\drivers\MTiCtwl.sys -- (NCPro [System | Running])
[2006-03-02 07:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2008-03-17 08:46:51 | 00,006,784 | ---- | M] (OSA Technologies, An Avocent Company) -- E:\WINDOWS\system32\drivers\osaio.sys -- (osaio [Auto | Running])
[2003-10-15 16:52:50 | 00,174,530 | R--- | M] (OmniVision Technologies, Inc.) -- E:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519 [On_Demand | Running])
[2007-02-02 10:42:03 | 00,047,360 | ---- | M] (VSO Software) -- E:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
[2006-06-22 17:29:27 | 00,012,080 | R--- | M] (Logitech Inc.) -- E:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter [On_Demand | Stopped])
[2003-09-19 09:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) -- E:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2006-06-22 17:29:28 | 00,720,176 | R--- | M] (Logitech Inc.) -- E:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0 [On_Demand | Stopped])
[2008-05-16 05:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- E:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp [Auto | Running])
[2006-03-02 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- E:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008-05-16 05:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- E:\WINDOWS\system32\drivers\purendis.sys -- (purendis [Auto | Running])
[2007-03-07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- E:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2006-06-05 09:08:33 | 00,030,556 | ---- | M] (PowerISO Computing, Inc.) -- E:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2006-11-07 10:37:40 | 00,066,656 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\se3ebus.sys -- (se3ebus [On_Demand | Stopped])
[2006-11-07 10:37:42 | 00,009,392 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\se3emdfl.sys -- (se3emdfl [On_Demand | Stopped])
[2006-11-07 10:37:42 | 00,100,736 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\se3emdm.sys -- (se3emdm [On_Demand | Stopped])
[2006-11-07 10:37:46 | 00,092,304 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\se3emgmt.sys -- (se3emgmt [On_Demand | Stopped])
[2006-11-07 10:37:48 | 00,090,144 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\se3eobex.sys -- (se3eobex [On_Demand | Stopped])
[2006-09-05 19:07:00 | 00,061,536 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\se59bus.sys -- (se59bus [On_Demand | Stopped])
[2006-09-05 19:07:48 | 00,009,360 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\se59mdfl.sys -- (se59mdfl [On_Demand | Stopped])
[2006-09-05 19:07:52 | 00,097,088 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\se59mdm.sys -- (se59mdm [On_Demand | Stopped])
[2006-09-05 19:08:40 | 00,088,624 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\se59mgmt.sys -- (se59mgmt [On_Demand | Stopped])
[2006-09-05 19:06:28 | 00,018,704 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\se59nd5.sys -- (se59nd5 [On_Demand | Stopped])
[2006-09-05 19:09:26 | 00,086,432 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\se59obex.sys -- (se59obex [On_Demand | Stopped])
[2006-09-05 19:06:22 | 00,090,800 | R--- | M] (MCCI) -- E:\WINDOWS\system32\drivers\se59unic.sys -- (se59unic [On_Demand | Stopped])
[2007-11-13 05:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- E:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2001-08-17 19:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- E:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman [On_Demand | Stopped])
[2007-03-16 08:59:40 | 00,054,272 | ---- | M] (Sonic Focus, Inc) -- E:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32 [On_Demand | Running])
[2003-11-03 10:39:10 | 00,036,484 | ---- | M] (Intel Corporation) -- E:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios [On_Demand | Running])
[2006-08-30 05:09:00 | 00,022,272 | ---- | M] (Intel Corporation) -- E:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp [On_Demand | Running])
[2007-06-06 11:05:34 | 09,604,864 | ---- | M] () -- E:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC [On_Demand | Stopped])
[2001-08-17 20:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- E:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2008-04-26 02:46:42 | 00,715,248 | ---- | M] () -- E:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007-10-18 14:18:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- E:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2007-03-01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- E:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2007-10-24 11:07:22 | 01,248,184 | ---- | M] (IDT, Inc.) -- E:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2004-08-03 17:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Running])
[2004-08-03 22:10:12 | 00,078,464 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Stopped])
[2007-06-05 18:19:22 | 00,033,608 | ---- | M] () -- E:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv [System | Running])
[2007-06-05 18:19:34 | 00,028,008 | ---- | M] (innotek GmbH) -- E:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon [System | Running])
[2007-12-13 13:27:14 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- E:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2008-01-24 14:08:54 | 00,019,336 | ---- | M] (Logitech Inc.) -- E:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])
[2008-01-24 14:09:04 | 00,028,168 | ---- | M] (Logitech Inc.) -- E:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Running])
[2008-01-24 14:09:14 | 00,029,192 | ---- | M] (Logitech Inc.) -- E:\WINDOWS\system32\drivers\WmHidLo.sys -- (WmHidLo [On_Demand | Stopped])
[2008-01-24 14:09:24 | 00,014,728 | ---- | M] (Logitech Inc.) -- E:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])
[2008-01-24 14:09:34 | 00,048,904 | ---- | M] (Logitech Inc.) -- E:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://jeu-gratuit-online.net/the-space ... /index.php
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.default\.default\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\s-1-5-18\s-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


HKU\s-1-5-20\s-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\s-1-5-21-1993962763-1958367476-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\system32\blank.htm
HKU\s-1-5-21-1993962763-1958367476-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\s-1-5-21-1993962763-1958367476-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://jeu-gratuit-online.net/the-space ... /index.php
HKU\s-1-5-21-1993962763-1958367476-839522115-1005\s-1-5-21-1993962763-1958367476-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (4158 bytes) - E:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD
O1 - Hosts: 46 more lines...
O2 - BHO: (E:\WINDOWS\system32\jsne87fidgf.dll) - {c5bf49a2-94f3-42bd-f434-3604812c897d} - E:\WINDOWS\system32\jsne87fidgf.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - E:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - E:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar: (no name) - {A057A204-BACC-4D26-8287-79A187E26987} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\s-1-5-21-1993962763-1958367476-839522115-1005\..\Toolbar: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\s-1-5-21-1993962763-1958367476-839522115-1005\..\Toolbar: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - E:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\s-1-5-21-1993962763-1958367476-839522115-1005\..\Toolbar: (no name) - {A057A204-BACC-4D26-8287-79A187E26987} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\s-1-5-21-1993962763-1958367476-839522115-1005\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\s-1-5-21-1993962763-1958367476-839522115-1005\..\Toolbar: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\s-1-5-21-1993962763-1958367476-839522115-1005\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [DiskeeperSystray] "E:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" (Diskeeper® Corporation)
O4 - HKLM..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelAudioStudio] "E:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY (Intel Corporation)
O4 - HKLM..\Run: [ipTray.exe] "E:\Program Files\Intel\IDU\iptray.exe" (OSA Technologies Inc., An Avocent Company)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] "E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [HijackThis startup scan] E:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan (Trend Micro Inc.)
O4 - HKCU..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKU\s-1-5-21-1993962763-1958367476-839522115-1005..\Run: [HijackThis startup scan] E:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan (Trend Micro Inc.)
O4 - HKU\s-1-5-21-1993962763-1958367476-839522115-1005..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LegalNoticeText =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LegalNoticeCaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 03 EA FF 01 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1


O7 - HKU\.default\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-18\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-19\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-19_classes\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\s-1-5-20\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-20_classes\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\s-1-5-21-1993962763-1958367476-839522115-1005\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\s-1-5-21-1993962763-1958367476-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-21-1993962763-1958367476-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\s-1-5-21-1993962763-1958367476-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1
O7 - HKU\s-1-5-21-1993962763-1958367476-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 03 EA FF 01 [binary data]
O7 - HKU\s-1-5-21-1993962763-1958367476-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKU\s-1-5-21-1993962763-1958367476-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKU\s-1-5-21-1993962763-1958367476-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1


O7 - HKU\s-1-5-21-1993962763-1958367476-839522115-1005_classes\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKCU\..Trusted Sites: localhost (http in Sites de confiance)
O15 - HKU\s-1-5-21-1993962763-1958367476-839522115-1005\..Trusted Sites: localhost (http in Sites de confiance)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/C ... 4696296296 (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///E:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key does not exist or could not be opened.)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - E:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - E:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - E:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - E:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-help - E:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ms-itss - E:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - E:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - E:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap11 - E:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - pure-go - E:\Program Files\Fichiers communs\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Filter: - text/xml - E:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings
O22 - SharedTaskScheduler: (mcb7uehuj3n8weuhejsw) - {C5BF49A2-94F3-42BD-F434-3604812C897D} - E:\WINDOWS\system32\jsne87fidgf.dll ()

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UIHost" = E:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --


========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- E:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
igfxcui: "DllName" = igfxdev.dll -- E:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3711EEB0-1851-42C2-9ABD-C29470A5035C}" (HKLM) -- E:\WINDOWS\system32\qoMcbaWQ.dll File not found

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,E:\WINDOWS\system32\rqRIccCU,
>File not found --

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00369521-d659-11dc-addd-001676c87bd4}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00369521-d659-11dc-addd-001676c87bd4}\Shell\AutoRun\command]
"" = J:\m.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56a1c763-c98c-11dc-8422-001676c87bd4}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56a1c763-c98c-11dc-8422-001676c87bd4}\Shell\AutoRun\command]
"" = F:\STARTUP.EXE -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82ace819-c8ac-11dc-8422-001676c87bd4}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82ace819-c8ac-11dc-8422-001676c87bd4}\Shell\AutoRun\command]
"" = H:\STARTUP.EXE -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\Shell\autorun\command]
"" = I:\autorun.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2008-11-08 05:54:55 | 00,452,043 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\GenProc.zip
[2008-11-07 23:14:47 | 00,001,858 | ---- | C] () -- E:\Documents and Settings\All Users\Bureau\AntiVir PE Classic.lnk
[2008-11-07 23:14:25 | 00,045,376 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avgntdd.sys
[2008-11-07 23:14:25 | 00,022,336 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avgntmgr.sys
[2008-11-07 23:14:22 | 00,028,352 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\ssmdrv.sys
[2008-11-07 23:14:17 | 00,075,072 | ---- | C] (Avira GmbH) -- E:\WINDOWS\System32\drivers\avipbb.sys
[2008-11-07 23:14:14 | 00,000,000 | ---D | C] -- E:\Program Files\Avira
[2008-11-07 23:14:14 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Avira
[2008-11-07 23:05:49 | 25,085,704 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\antivir-personal-edition_avira_antivir_personal_free_8.1.0.367_anglais_10821.exe
[2008-11-07 22:50:38 | 00,000,000 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\antivir_workstation_winu_en_h.exe
[2008-11-07 22:50:25 | 25,129,080 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\antivir_workstation_winu_en_h.exe.part
[2008-11-07 22:31:42 | 00,000,344 | -HS- | C] () -- E:\WINDOWS\System32\UCccIRqr.ini
[2008-11-07 22:25:28 | 00,105,858 | ---- | C] () -- E:\WINDOWS\System32\drivers\582b492.sys
[2008-11-07 22:25:27 | 00,010,000 | ---- | C] () -- E:\WINDOWS\System32\jsne87fidgf.dll
[2008-11-06 09:02:39 | 00,037,888 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\Nous offrons des prix spéciaux aux.doc
[2008-11-06 07:56:12 | 00,079,360 | ---- | C] () -- E:\Documents and Settings\Marc\Mes documents\2050 avenue Bourbonnière.doc
[2008-11-06 06:29:02 | 24,585,544 | ---- | C] (Avery ) -- E:\Documents and Settings\Marc\Bureau\Avery Wizard 3.1.5.exe
[2008-11-05 17:15:56 | 00,196,027 | ---- | C] () -- E:\Documents and Settings\Marc\Mes documents\brochurenov2008.pdf
[2008-11-02 19:41:07 | 00,035,840 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\Nouveau Microsoft Word Document (3).doc
[2008-11-02 13:54:37 | 00,057,007 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\kx385546.gif
[2008-11-01 18:52:21 | 02,104,298 | ---- | C] () -- E:\WINDOWS\System32\drivers\2gmgsmt.sf2
[2008-11-01 18:03:01 | 56,225,7920 | R--- | C] () -- E:\Documents and Settings\Marc\Mes documents\2005 CAT ON CD.iso
[2008-11-01 17:36:16 | 00,001,964 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\2006 Catalog on Cd.lnk
[2008-11-01 17:35:26 | 00,000,000 | ---D | C] -- E:\Program Files\Dakota Collectibles
[2008-11-01 11:04:11 | 00,144,196 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\marco.jpg
[2008-10-31 04:48:43 | 00,029,184 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\adressepq.doc
[2008-10-31 04:26:27 | 00,623,104 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\listepq.doc
[2008-10-29 10:00:03 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Marc\Application Data\Lineo
[2008-10-29 09:58:51 | 00,000,673 | ---- | C] () -- E:\Documents and Settings\All Users\Bureau\Linéo.lnk
[2008-10-29 09:58:51 | 00,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Lineo
[2008-10-29 09:58:46 | 00,000,000 | ---D | C] -- E:\Program Files\Lineo
[2008-10-29 09:57:20 | 05,250,742 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\Lineo_0.3_Install.exe
[2008-10-28 10:35:22 | 00,311,870 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\factureboxerpeekeee.jpg
[2008-10-28 00:01:18 | 00,000,162 | -H-- | C] () -- E:\Documents and Settings\Marc\Bureau\~$uveau Microsoft Word Document (2).doc
[2008-10-28 00:01:00 | 00,010,752 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\Nouveau Microsoft Word Document (2).doc
[2008-10-25 01:17:15 | 05,975,510 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\logoyin.psd
[2008-10-24 03:22:52 | 00,755,147 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\piki.psd
[2008-10-23 22:17:33 | 00,219,587 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\peekeeee.jpg
[2008-10-23 21:21:49 | 00,145,045 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\logo2.jpg
[2008-10-23 17:56:38 | 00,010,752 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\Nouveau Microsoft Word Document.doc
[2008-10-23 17:29:18 | 00,000,000 | ---D | C] -- E:\Documents and Settings\Marc\Bureau\icecream
[2008-10-22 20:03:10 | 04,155,285 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\sonic3.psd
[2008-10-22 14:20:17 | 00,567,589 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\moka 012.JPG
[2008-10-22 14:18:11 | 00,518,885 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\moka 014.JPG
[2008-10-22 14:17:30 | 00,574,399 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\moka 015.JPG
[2008-10-22 14:17:17 | 00,634,124 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\moka 016.JPG
[2008-10-19 21:32:34 | 00,096,624 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\wallpaper16.jpg
[2008-10-19 21:30:46 | 00,147,669 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\sonic-wallpaper.jpg
[2008-10-19 21:30:08 | 00,096,783 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\SonicMegaCollectionWallpaper1024.jpg
[2008-10-19 21:02:26 | 00,028,403 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\cmscontroller.jpg
[2008-10-19 21:01:45 | 00,446,941 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\sh01.jpg
[2008-10-19 20:59:44 | 00,007,791 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\servletimagedownload.jpg
[2008-10-19 20:09:46 | 00,010,362 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\boxer1.jpg
[2008-10-19 20:09:41 | 00,040,589 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\boxer2.jpg
[2008-10-12 07:03:55 | 00,000,000 | ---D | C] -- E:\Program Files\Bonjour
[2008-10-10 18:04:31 | 00,018,931 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\cool_shot.jpg
[2008-10-10 17:56:12 | 00,129,773 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\15122006017.jpg
[2008-10-09 15:58:50 | 00,000,284 | ---- | C] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-10-09 09:06:16 | 04,308,641 | ---- | C] () -- E:\Documents and Settings\Marc\Bureau\Pieter_Brueghel_The_Triumpf_of_Death.jpg


========== Files - Modified Within 30 Days ==========

[1 E:\WINDOWS\*.tmp files]
[2008-11-08 06:39:46 | 00,105,858 | ---- | M] () -- E:\WINDOWS\System32\drivers\582b492.sys
[2008-11-08 06:39:34 | 21,888,2080 | -HS- | M] () -- E:\WINDOWS\System32\drivers\fidbox.dat
[2008-11-08 06:28:06 | 00,000,586 | ---- | M] () -- E:\Documents and Settings\Marc\Mes documents\Mes dossiers de partage.lnk
[2008-11-08 05:54:59 | 00,452,043 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\GenProc.zip
[2008-11-08 05:45:08 | 00,539,284 | ---- | M] () -- E:\WINDOWS\System32\perfh00C.dat
[2008-11-08 05:45:08 | 00,466,500 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2008-11-08 05:45:08 | 00,099,244 | ---- | M] () -- E:\WINDOWS\System32\perfc00C.dat
[2008-11-08 05:45:07 | 00,082,434 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2008-11-08 05:45:04 | 01,202,938 | ---- | M] () -- E:\WINDOWS\System32\PerfStringBackup.INI
[2008-11-08 05:41:56 | 00,013,646 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2008-11-08 05:40:12 | 00,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2008-11-08 05:40:10 | 00,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2008-11-08 05:40:08 | 00,047,604 | ---- | M] () -- E:\WINDOWS\System32\ativvaxx.cap
[2008-11-08 05:38:42 | 08,435,376 | -H-- | M] () -- E:\Documents and Settings\Marc\Local Settings\Application Data\IconCache.db
[2008-11-08 05:19:43 | 02,567,660 | -HS- | M] () -- E:\WINDOWS\System32\drivers\fidbox.idx
[2008-11-08 05:08:24 | 00,000,344 | -HS- | M] () -- E:\WINDOWS\System32\UCccIRqr.ini
[2008-11-08 04:13:48 | 01,662,464 | -HS- | M] () -- E:\Documents and Settings\Marc\Bureau\Thumbs.db
@Alternate Data Stream - 0 bytes -> E:\Documents and Settings\Marc\Bureau\Thumbs.db:encryptable
[2008-11-07 23:14:47 | 00,001,858 | ---- | M] () -- E:\Documents and Settings\All Users\Bureau\AntiVir PE Classic.lnk
[2008-11-07 23:07:39 | 25,085,704 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\antivir-personal-edition_avira_antivir_personal_free_8.1.0.367_anglais_10821.exe
[2008-11-07 23:05:09 | 25,129,080 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\antivir_workstation_winu_en_h.exe.part
[2008-11-07 23:05:09 | 00,000,000 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\antivir_workstation_winu_en_h.exe
[2008-11-07 22:25:27 | 00,010,000 | ---- | M] () -- E:\WINDOWS\System32\jsne87fidgf.dll
[2008-11-07 15:43:24 | 00,000,116 | ---- | M] () -- E:\WINDOWS\NeroDigital.ini
[2008-11-06 15:57:02 | 00,000,284 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-11-06 09:02:39 | 00,037,888 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\Nous offrons des prix spéciaux aux.doc
[2008-11-06 07:56:12 | 00,079,360 | ---- | M] () -- E:\Documents and Settings\Marc\Mes documents\2050 avenue Bourbonnière.doc
[2008-11-06 06:29:30 | 24,585,544 | ---- | M] (Avery ) -- E:\Documents and Settings\Marc\Bureau\Avery Wizard 3.1.5.exe
[2008-11-05 17:15:57 | 00,196,027 | ---- | M] () -- E:\Documents and Settings\Marc\Mes documents\brochurenov2008.pdf
[2008-11-02 21:23:51 | 00,035,840 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\Nouveau Microsoft Word Document (3).doc
[2008-11-02 13:54:40 | 00,057,007 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\kx385546.gif
[2008-11-01 18:05:31 | 56,225,7920 | R--- | M] () -- E:\Documents and Settings\Marc\Mes documents\2005 CAT ON CD.iso
[2008-11-01 17:36:16 | 00,001,964 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\2006 Catalog on Cd.lnk
[2008-11-01 11:04:13 | 00,144,196 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\marco.jpg
[2008-10-31 16:15:14 | 00,000,390 | ---- | M] () -- E:\WINDOWS\tasks\1-Click Maintenance.job
[2008-10-31 04:48:43 | 00,029,184 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\adressepq.doc
[2008-10-31 04:26:28 | 00,623,104 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\listepq.doc
[2008-10-29 09:58:51 | 00,000,673 | ---- | M] () -- E:\Documents and Settings\All Users\Bureau\Linéo.lnk
[2008-10-29 09:57:34 | 05,250,742 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\Lineo_0.3_Install.exe
[2008-10-28 10:35:25 | 00,311,870 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\factureboxerpeekeee.jpg
[2008-10-28 00:01:18 | 00,000,162 | -H-- | M] () -- E:\Documents and Settings\Marc\Bureau\~$uveau Microsoft Word Document (2).doc
[2008-10-28 00:01:00 | 00,010,752 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\Nouveau Microsoft Word Document (2).doc
[2008-10-27 16:03:20 | 00,755,147 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\piki.psd
[2008-10-25 01:17:17 | 05,975,510 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\logoyin.psd
[2008-10-23 22:17:35 | 00,219,587 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\peekeeee.jpg
[2008-10-23 21:21:57 | 00,145,045 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\logo2.jpg
[2008-10-23 17:56:38 | 00,010,752 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\Nouveau Microsoft Word Document.doc
[2008-10-22 20:03:12 | 04,155,285 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\sonic3.psd
[2008-10-22 14:20:43 | 00,567,589 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\moka 012.JPG
[2008-10-22 14:18:28 | 00,518,885 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\moka 014.JPG
[2008-10-22 14:18:24 | 00,574,399 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\moka 015.JPG
[2008-10-22 14:18:14 | 00,634,124 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\moka 016.JPG
[2008-10-19 21:32:35 | 00,096,624 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\wallpaper16.jpg
[2008-10-19 21:30:47 | 00,147,669 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\sonic-wallpaper.jpg
[2008-10-19 21:30:09 | 00,096,783 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\SonicMegaCollectionWallpaper1024.jpg
[2008-10-19 21:02:27 | 00,028,403 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\cmscontroller.jpg
[2008-10-19 21:01:46 | 00,446,941 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\sh01.jpg
[2008-10-19 20:59:45 | 00,007,791 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\servletimagedownload.jpg
[2008-10-19 20:09:44 | 00,010,362 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\boxer1.jpg
[2008-10-19 20:09:37 | 00,040,589 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\boxer2.jpg
[2008-10-13 07:32:44 | 00,182,272 | ---- | M] () -- E:\Documents and Settings\Marc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-10-10 18:04:32 | 00,018,931 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\cool_shot.jpg
[2008-10-10 17:56:16 | 00,129,773 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\15122006017.jpg
[2008-10-09 09:06:24 | 04,308,641 | ---- | M] () -- E:\Documents and Settings\Marc\Bureau\Pieter_Brueghel_The_Triumpf_of_Death.jpg

<End>
Narbonne
 
Posts: 8
Joined: 06 Mar 2008, 08:27

Post by Narbonne » 08 Nov 2008, 12:43

OTListIt Extras logfile created on: 2008-11-08 06:39:04 - Run
OTListIt by OldTimer - Version 1.0.12.0 Folder = E:\Documents and Settings\Marc\Local Settings\Temporary Internet Files\Content.IE5\8LDFAVHT
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

1,98 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 67,12% Memory free
3,82 Gb Paging File | 3,27 Gb Available in Paging File | 85,72% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 195,31 Gb Total Space | 50,10 Gb Free Space | 25,65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 29,81 Gb Total Space | 8,46 Gb Free Space | 28,40% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 72,96 Gb Total Space | 18,24 Gb Free Space | 25,00% Space Free | Partition Type: NTFS

Computer Name: LIBRE
Current User Name: Marc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2007-10-18 05:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007-10-02 11:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- E:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe
File not found -- E:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- E:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe
[2004-10-13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008-10-09 05:42:08 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- E:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
[2004-04-29 20:07:00 | 00,122,880 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4
[2006-03-02 07:00:00 | 01,044,480 | ---- | M] (Microsoft Corporation) -- E:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®
[2008-09-28 00:23:23 | 00,307,712 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2005-11-08 07:11:24 | 02,437,120 | ---- | M] (http://ddemangel.free.fr) -- E:\Program Files\Webutility\Webutility.exe:*:Enabled:Utilitaire Internet et Système
[2006-11-02 12:08:06 | 05,120,000 | ---- | M] (CoffeeCup Software, Inc.) -- C:\Program Files\CoffeeCup Software\CoffeeCup Visual Site Designer\vsd.exe:*:Enabled:Visual Site Designer Application
[2007-05-30 11:54:24 | 00,499,712 | ---- | M] (DENTOR) -- E:\Program Files\Outils\EnvoiFTP\EnvoiFTP.exe:*:Enabled:Envoi un ou plusieurs fichiers en FTP sur un site internet.
[2007-11-01 14:57:24 | 02,756,096 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
[2002-05-29 06:18:28 | 00,237,568 | ---- | M] () -- E:\Program Files\Alchemy Mindworks\GIF Construction Set Professional\alchuddl.exe:*:Disabled:alchuddl
[2006-03-02 07:00:00 | 00,083,456 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test
[2006-03-02 07:00:00 | 00,018,432 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server
[2006-03-02 07:00:00 | 00,078,336 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\rtcshare.exe:*:Disabled:Partage de l'application RTC
[2006-03-02 07:00:00 | 00,816,128 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
[2005-12-05 15:43:22 | 10,244,096 | ---- | M] (Firaxis Games) -- C:\jeux\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4
[2007-10-18 05:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007-10-02 11:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2007-08-06 12:45:46 | 02,489,344 | ---- | M] () -- C:\jeux\Civilization II Multiplayer Gold Edition\Civilization II Multiplayer Gold Edition\civ2.exe:*:Disabled:civ2
[2006-03-02 07:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\rundll32.exe:*:Disabled:Exécuter une DLL en tant qu'application
[2007-12-03 16:17:28 | 02,473,984 | ---- | M] (SEC) -- E:\Program Files\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune
[2008-08-20 00:36:40 | 02,429,440 | ---- | M] (Aspyr Media, Inc.) -- C:\Program Files\Aspyr\Guitar Hero III\GH3.exe:*:Enabled:Guitar Hero III
[2008-08-20 04:53:35 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2008-10-01 06:30:17 | 01,306,624 | ---- | M] (Camshare LLC) -- C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module
[2008-06-06 10:23:56 | 02,568,192 | ---- | M] (Maïdo Production) -- C:\Program Files\Maïdo Production\IziSpot 4\IziSpot.exe:*:Enabled:IziSpot
File not found -- E:\Program Files\Fichiers communs\AOL\Loader\aolload.exe:*:Disabled:AOL Loader
File not found -- C:\Program Files\Avant Browser\avant.exe:*:Disabled:Avant Browser
[2008-04-01 05:40:42 | 00,172,280 | ---- | M] (ICQ, Inc.) -- E:\Program Files\ICQ6\ICQ.exe:*:Disabled:ICQ6
File not found -- C:\DJ\SAMBC\SAMBC.exe:*:Disabled:SAMBC
File not found -- E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\DJ\SAMBC\SAMReporter\SAMReporter.exe:*:Enabled:SAMReporter
[2008-08-27 17:27:42 | 04,743,168 | ---- | M] () -- C:\jeux\Hoyle Casino 2009\Hoyle Casino.exe:*:Disabled:Hoyle Casino
File not found -- E:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008-05-16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- E:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{02948A7B-74E0-44FD-AD96-8482DB980FF8}" = Outil de diagnostic de la machine virtuelle Microsoft
"{04AE42BE-8616-FAE0-999D-8787767FC287}" = Babuki
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0824EE6D-137F-4B83-9628-8E7B000BEBA6}" = Rail Simulator
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B3679A4-78C1-4719-A1FD-86AFBB5F3403}" = Mister quizz
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{0EAC5DEC-2AFD-4533-9416-3098BFEFDEC2}_is1" = Infine CaptureFlash version 1.6
"{14FB1C47-B0F2-4DB6-B9C0-1A817862F9A3}" = ArcSoft Camera Suite 2.1
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{184D95BE-B66A-4534-97E6-4C6A44032C6E}" = CoffeeCup Flash Form Builder
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}" = MobileMe Control Panel
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2F8BE445-D14C-40E2-AF62-E43539FD1500}" = YouTUBE (TM) movie downloader
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3414A564-B87F-4733-97D8-09744A28C571}" = CBC Content Pack - CBC Fun Pack #1
"{344E5C2C-D231-4A9E-B90B-2CA781CBCD00}" = CATALOG ORGANIZER DELUXE (S)
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = StarCam Racer
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AC7761F-7B49-482A-9BA1-E223D32D2B64}" = Intel Audio Studio
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic
"{58297B27-7503-46BF-8179-692DE403A991}" = Diskeeper Home Edition
"{585C97EA-9CFF-434A-8E38-A9132E393275}_is1" = Sony Eyetoy USB Webcam Drivers and Software
"{5A79D3F9-1EB9-424A-A4EB-721677E56740}" = Install Intel Desktop Utilities
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{611BD998-34B9-4DDA-00AE-0CB4632E86FA}" = SimCity 4 Rush Hour
"{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logitech Gaming Software 5.02
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6DC2C097-15B9-41BB-BE85-A908C84B5BDD}" = PowerArchiver 2007 French
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78DEE332-4FE2-469F-9CF7-F54C47E11F21}" = IziSpot 4
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7F231232-C309-4401-964A-2A002B6E1ED9}" = Microsoft Baseline Security Analyzer 2.0.1
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}" = Tiks Texas Hold em
"{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{8B509E9F-5405-497F-9493-0CA0A27155FD}" = 2006 Dakota Collectibles Catalog on CD
"{8BA676DE-6239-4D76-941A-C7B9A1501735}" = CoffeeCup News Flash
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{90120000-0019-0000-0000-0000000FF1CE}_PUBLISHER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9816D479-9DF1-4E9D-843F-F8146D1CBF01}" = X-Copy Pro
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A7AA93B6-6909-4073-B4EC-45CCDEFD4665}" = NHL® 08
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Assistant de connexion Windows Live
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B59FE77B-738F-4F1C-AB48-3104895AF676}" = innotek VirtualBox
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BADF6744-3787-48F6-B8C9-4C4995401D65}" = Windows Live Messenger
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C40AD26C-855D-45DF-BB8F-B339707E7ABC}" = Rock Tour
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB4AF7DA-CE59-41A9-93A6-DA921F809361}" = CoffeeCup Flash Firestarter
"{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{D72E71D4-E1DE-49BF-8BED-C80C7A740FDB}" = Intel Audio Studio
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAE76241-A047-407E-9237-26120C7BA6CE}" = Lea passion Mode
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5430A11-6799-41E0-A9D5-F68BDC67AAD8}" = OpenOffice.org 2.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
"{ED2FF555-B651-43C1-AAE7-D4B138D98B95}" = CoffeeCup Free DHTML Menu Builder
"{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}" = Nero 7 Ultra Edition
"{F5982296-84CC-4D5B-B791-B03650F3380E}" = Intel(R) Desktop Utilities
"{F6D63A65-BD23-46F3-B9A3-87F442423481}" = SweetIM For Internet Explorer 3.0b
"{F9AD857F-0492-4AC2-9A77-241360ADBB3C}" = ATI Catalyst Control Center
"{FB87524F-FC45-4D6A-96CB-B321FD8CF5B0}" = Cribbage
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FE6397C1-CECA-4EC3-B064-42AED7676898}" = Sony Ericsson PC Suite
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"AB Invoicing" = AB Invoicing
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 3.1" = Acoustica Mixcraft 3.1
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"adobe flash player plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"antivir personaledition classic" = Avira AntiVir Personal - Free Antivirus
"Applet Effects Factory" = Applet Effects Factory
"Applet Headline Factory" = Applet Headline Factory
"Applet Navigation Factory" = Applet Navigation Factory
"ASP.NET Maker 3.3" = ASP.NET Maker 3.3
"ATI Display Driver" = ATI Display Driver
"Atomic Cannon" = Atomic Cannon
"Babuki.7FFE1EF3C0EAF397E48071BD36BB45EFAE41A826.1" = Babuki
"Barman's Life_is1" = Barman's Life Powered by AdVantage
"Belltech Small Business Publisher 5.1.1_is1" = Belltech Small Business Publisher 5.1.1
"BFG-Fashion Apprentice" = Fashion Apprentice
"Bridge Building Game" = Bridge Building Game
"Build-a-lot 2 - Town of the Year [h33t] [oi812heet]" = Build-a-lot 2 - Town of the Year [h33t] [oi812heet]
"Buildalot 2 Town Of The Year_is1" = Buildalot 2 Town Of The Year
"Building & Co" = Building & Co
"Bus Driver" = Bus Driver 1.0
"Camfrog 5.1" = Camfrog Video Chat 5.1
"Catalog2PDF" = Catalog2PDF
"City Life" = City Life 2008
"CloneDVD2" = CloneDVD2
"CoffeeCup Blog Machine" = CoffeeCup Blog Machine
"CoffeeCup Flash Blogger - Registered" = CoffeeCup Flash Blogger - Registered
"CoffeeCup Flash FireStarter" = CoffeeCup Flash FireStarter
"CoffeeCup Flash Menu Builder" = CoffeeCup Flash Menu Builder
"CoffeeCup Flash Photo Gallery - Registered" = CoffeeCup Flash Photo Gallery - Registered
"CoffeeCup Flash Website Search - Registered" = CoffeeCup Flash Website Search - Registered
"CoffeeCup GIF Animator" = CoffeeCup GIF Animator
"CoffeeCup Live Chat - Registered" = CoffeeCup Live Chat - Registered
"CoffeeCup LockBox" = CoffeeCup LockBox
"CoffeeCup PC TuneUp Pro" = CoffeeCup PC TuneUp Pro
"CoffeeCup StyleSheet Maker" = CoffeeCup StyleSheet Maker
"CoffeeCup Visual Site Designer" = CoffeeCup Visual Site Designer
"CoffeeCup WebCam 3.5" = CoffeeCup WebCam 3.5
"Convexsoft Video to FLV SWF GIF Converter" = Convexsoft Video to FLV SWF GIF Converter
"ConviSAV_is1" = ConviSAV 3.4
"Digital Make-up_is1" = Digital Make-up
"D-Link VGA Webcam" = D-Link VGA Webcam
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab Platinum_is1" = DVDFab Platinum 3.0.5.5 Ghosthunter release
"Easy For You_is1" = EasyForYou version 8
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"EPSON Scanner" = EPSON Scan
"FaceShopPro" = FaceShopPro
"FileZilla Client" = FileZilla Client 3.0.4.1
"Flash Menu Builder" = Flash Menu Builder 1.0
"Frets on Fire" = Frets On Fire
"ft_Transport Tycoon Deluxe" = Transport Tycoon Deluxe
"Game Maker 6.1" = Game Maker 6.1
"GIF Construction Set Professional" = GIF Construction Set Professional
"Gif Récupérateur_is1" = Gif Récupérateur 1.1
"GOM Player" = GOM Player
"HappyCollection_is1" = HappyCollection
"Hauppauge WinTV Source Selector" = Hauppauge WinTV Source Selector
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"HijackThis" = HijackThis 2.0.2
"Hiver 2006" = Hiver 2006
"Hoyle Casino 2009" = Hoyle Casino 2009
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"Ink Monitor" = Ink Monitor
"InstallShield_{0824EE6D-137F-4B83-9628-8E7B000BEBA6}" = Rail Simulator
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}" = OpenMG Secure Module 4.4.00
"InstallShield_{F5982296-84CC-4D5B-B791-B03650F3380E}" = Intel(R) Desktop Utilities
"InterActual Player" = InterActual Player
"iWebAlbum_is1" = iWebAlbum 2.02
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.84 Full
"Lagoon$_is1" = Lagoon$ 1.1.7
"Lineo" = Linéo
"LMSOFT Web Creator 2" = LMSOFT Web Creator 2
"Loco-Commotion" = Loco-Commotion
"Magic ISO Maker v5.4 (build 0247)" = Magic ISO Maker v5.4 (build 0247)
"Magic Swf2Gif_is1" = Magic Swf2Gif 1.35
"Magkit" = Magkit 5.20
"MemoWeb 4 - Découverte" = MemoWeb 4 - Découverte
"Metadataminer Catalogue_is1" = Metadataminer Catalogue version 4.2.27
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"mIRC" = mIRC
"MOTIX" = MOTIX
"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)
"MSNINST" = MSN
"MyGuard Live" = MyGuard Live
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OSCheck_is1" = OSCheck V1.2
"PartyPoker" = PartyPoker
"PDFCreator Toolbar" = PDFCreator Toolbar
"PerformanceTest_is1" = PerformanceTest v6.1
"Pontifex Demo" = Pontifex Demo
"Pool Billiard 1" = Pool Billiard 1
"PowerISO" = PowerISO
"Pro Bass Fishing 2003" = Pro Bass Fishing 2003
"PROSet" = Intel(R) PRO Network Connections Drivers
"PUBLISHER" = Microsoft Office Publisher 2007
"QcDrv" = Programme de gestion Camera de Logitech®
"RealPlayer 6.0" = RealPlayer
"Replay_AV_800" = Replay AV 8
"Rock Legend_is1" = Rock Legend
"San Andreas Mod Installer1.0" = San Andreas Mod Installer
"Silent Package Run-Time Sample" = Guide de l'utilisateur EPSON
"SSC Service Utility_is1" = SSC Service Utility v4.30
"Subway Scramble_is1" = Subway Scramble
"SuperVideoCap V5.38 Build 1680_is1" = SuperVideoCap V5.38 Build 1680
"SWF To Image library (full)_is1" = SWF To Image
"SWF-AVI-GIF Converter_is1" = SWF-AVI-GIF Converter 1.0
"The Game Of Life" = The Game Of Life
"TYPSoft Alarme_is1" = TYPSoft Alarm
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual Pool 3" = Virtual Pool 3
"Virtual Villagers" = Virtual Villagers (remove only)
"VTPlus32 pour WinTV (French)" = VTPlus32 pour WinTV (French)
"Webutility 7_is1" = Webutility 7.8.3
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = Archiveur WinRAR
"WM Recorder 11.2" = WM Recorder 11.2
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
"XMIX Player_is1" = XMIX Player 1.0 beta 04
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yatzee" = Yatzee 2
"Zipkey" = Zipkey Zipcodes
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CataThumbs" = CataThumbs
"CD catalogue builder" = CD catalogue builder
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\s-1-5-21-1993962763-1958367476-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CataThumbs" = CataThumbs
"CD catalogue builder" = CD catalogue builder
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2008-10-29 16:02:39 | Computer Name = LIBRE | Source = Application Error | ID = 1000
Description = Application défaillante mplayerc.exe, version 6.4.9.0, module défaillant
mplayerc.exe, version 6.4.9.0, adresse de défaillance 0x00232a33.

Error - 2008-10-29 16:04:03 | Computer Name = LIBRE | Source = Application Error | ID = 1000
Description = Application défaillante mplayerc.exe, version 6.4.9.0, module défaillant
mplayerc.exe, version 6.4.9.0, adresse de défaillance 0x00232a33.

Error - 2008-11-06 09:26:29 | Computer Name = LIBRE | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winword.exe, version 11.0.8227.0, stamp 486d648f,
faulting module winword.exe, version 11.0.8227.0, stamp 486d648f, debug? 0, fault
address 0x007581d9.

Error - 2008-11-06 09:55:20 | Computer Name = LIBRE | Source = Application Error | ID = 1000
Description = Application défaillante wmplayer.exe, version 9.0.0.3250, module défaillant
unknown, version 0.0.0.0, adresse de défaillance 0x051e1030.

Error - 2008-11-07 16:37:50 | Computer Name = LIBRE | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.0.3188, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 2008-11-07 23:55:32 | Computer Name = LIBRE | Source = crypt32 | ID = 131083
Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
CAB de mise à jour automatique à : <http>
avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
la vérification par rapport à l'horloge système en cours ou le tampon daté dans
le fichier signé.

Error - 2008-11-07 23:55:32 | Computer Name = LIBRE | Source = crypt32 | ID = 131083
Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
CAB de mise à jour automatique à : <http>
avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
la vérification par rapport à l'horloge système en cours ou le tampon daté dans
le fichier signé.

Error - 2008-11-08 04:46:50 | Computer Name = LIBRE | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.0.3188, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 2008-11-08 07:14:15 | Computer Name = LIBRE | Source = Application Hang | ID = 1002
Description = Application bloquée avscan.exe, version 8.1.4.7, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 2008-11-08 07:14:54 | Computer Name = LIBRE | Source = Application Hang | ID = 1002
Description = Application bloquée avscan.exe, version 8.1.4.7, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 2008-11-08 06:38:43 | Computer Name = LIBRE | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2008-11-08 06:40:34 | Computer Name = LIBRE | Source = Service Control Manager | ID = 7000
Description = Le service StarWind iSCSI Service n'a pas pu démarrer en raison de
l'erreur : %%2

Error - 2008-11-08 06:40:34 | Computer Name = LIBRE | Source = Service Control Manager | ID = 7000
Description = Le service Stltrk2k n'a pas pu démarrer en raison de l'erreur : %%2

Error - 2008-11-08 06:40:36 | Computer Name = LIBRE | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : SABKUTIL

Error - 2008-11-08 06:45:15 | Computer Name = LIBRE | Source = DCOM | ID = 10000
Description = Le démarrage d'un serveur DCOM : {1BA06D22-B9EE-4C61-8CD9-5FC9E9FA3264}
n'est pas possible. L'erreur : "%2" s'est produite lors du démarrage de la commande :
"E:\Program Files\Fichiers communs\Teleca Shared\Generic.exe" -Embedding

Error - 2008-11-08 06:45:20 | Computer Name = LIBRE | Source = DCOM | ID = 10000
Description = Le démarrage d'un serveur DCOM : {1BA06D22-B9EE-4C61-8CD9-5FC9E9FA3264}
n'est pas possible. L'erreur : "%2" s'est produite lors du démarrage de la commande :
"E:\Program Files\Fichiers communs\Teleca Shared\Generic.exe" -Embedding

Error - 2008-11-08 06:45:25 | Computer Name = LIBRE | Source = DCOM | ID = 10000
Description = Le démarrage d'un serveur DCOM : {1BA06D22-B9EE-4C61-8CD9-5FC9E9FA3264}
n'est pas possible. L'erreur : "%2" s'est produite lors du démarrage de la commande :
"E:\Program Files\Fichiers communs\Teleca Shared\Generic.exe" -Embedding

Error - 2008-11-08 06:45:30 | Computer Name = LIBRE | Source = DCOM | ID = 10000
Description = Le démarrage d'un serveur DCOM : {1BA06D22-B9EE-4C61-8CD9-5FC9E9FA3264}
n'est pas possible. L'erreur : "%2" s'est produite lors du démarrage de la commande :
"E:\Program Files\Fichiers communs\Teleca Shared\Generic.exe" -Embedding

Error - 2008-11-08 06:45:35 | Computer Name = LIBRE | Source = DCOM | ID = 10000
Description = Le démarrage d'un serveur DCOM : {1BA06D22-B9EE-4C61-8CD9-5FC9E9FA3264}
n'est pas possible. L'erreur : "%2" s'est produite lors du démarrage de la commande :
"E:\Program Files\Fichiers communs\Teleca Shared\Generic.exe" -Embedding

Error - 2008-11-08 06:45:40 | Computer Name = LIBRE | Source = DCOM | ID = 10000
Description = Le démarrage d'un serveur DCOM : {1BA06D22-B9EE-4C61-8CD9-5FC9E9FA3264}
n'est pas possible. L'erreur : "%2" s'est produite lors du démarrage de la commande :
"E:\Program Files\Fichiers communs\Teleca Shared\Generic.exe" -Embedding


<End>
Narbonne

Posts: 8
Joined: 06 Mar 2008, 08:27

Post by Narbonne » 08 Nov 2008, 17:24

nickW wrote: Hello,

How many hours am I going to spend cleaning this PC whose owner uses this kind of thing:

Dream_Crack By Dj Nilo.exe
Acoustica.Mixcraft.2.5-KeyGen_CiM
Pure.Networks.Network.Magic.Premium.Edition.v4.1.7082.0.WinXPVista.Retail-ARN


A small note here: this has only been my computer for a few hours. I am not a naive owner who uses malicious programs. I care a lot about security.

Can you tell me whether the last 2 logs are suitable? (I am having trouble getting into the admin session.)

Thanks again for your help
Narbonne

Posts: 8
Joined: 06 Mar 2008, 08:27

Post by nickW » 09 Nov 2008, 01:45

Good evening,

Are you going to, as in your previous thread, not deign to reply to me after I send the cleaning procedure?


Why did you not follow my instructions: save the file OTListIt.exe to the Desktop?


Note: These steps must be carried out while logged on to a session with "Administrator rights" (do not use the user profile named "Administrator" that is visible in safe mode).
Under Windows XP, to check whether an account has "Administrator" rights:
Start---->Settings---->Control Panel---->User Accounts
Next to the icon representing certain accounts (other than the one named "Administrator"), "Computer administrator" is shown.
One of these accounts is the one to use.



Step 1: HostsXpert (by FunkyToad)
Download HostsXpert.zip from the page:
http://www.funkytoad.com/index.php?opti ... 13&Itemid=
(click on Click Here to download HostsXpert)
Save the file to the Desktop.
Extract the entire HostsXpert.zip archive (under XP: right-click, then Extract All).

In Explorer, open the HostsXpert folder that has just been created on the Desktop.

Double-click HostsXpert.exe to launch the program.

*- In the left-hand column, under "File Handling", check that the first button shows "Make ReadOnly?", like this:
[Image]
If this first button shows "Make Writable?", click it once so that it shows "Make ReadOnly?"

*- In the left-hand column, click the "Restore MS Hosts File" button
[Image]
In the small window titled "Confirm", click OK

*- In the left-hand column, click the first button so that it shows "Make Writable?", like this:
[Image]

*- Close HostsXpert.


Step 2: Creating the reparlsa.reg file
Open an instance of Notepad: Start---->Run, type notepad then click OK.
Copy and paste the lines below (in the white area under "Code:") into the Notepad window that has just been opened.
In Notepad, check (in the Format menu) that "Word Wrap" is not active (not ticked).
Save the file under the name reparlsa.reg
Caution no. 1: There is a blank line after the last line
Caution no. 2: the extension must be .reg; choose "All Files" in the "Save as type" drop-down list when doing "Save As..."
If the extension is .reg.txt, rename the file to .reg
Code: Select all
REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00



Close Notepad.


Step 3: OTMoveIt3 (by OldTimer)
Download OTMoveIt3 by right-clicking the link below:
http://oldtimer.geekstogo.com/OTMoveIt3.exe
Save the file to the Desktop.

Open a Notepad window via Start---->Run, type notepad then click OK
Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys simultaneously
Code: Select all
rien
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3711EEB0-1851-42C2-9ABD-C29470A5035C}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c897d}]

:Files
E:\WINDOWS\system32\qoMcbaWQ.dll
E:\WINDOWS\system32\rqRIccCU
E:\WINDOWS\System32\UCccIRqr.ini
E:\WINDOWS\System32\drivers\582b492.sys
E:\WINDOWS\System32\jsne87fidgf.dll

:Commands
[emptytemp]



Go back to the Notepad window, right-click in the window and choose Paste
Check in the Format menu (at the top) that "Word Wrap" is not active (not ticked).
Save the file under the name OTfichiers.txt
Close Notepad.
Note: The lines in the Code area above were created exclusively for THIS user.
If you are not THIS user, do not use them: they could damage your system.



Step 4: Malwarebytes' Anti-Malware, installation
Download Malwarebytes' Anti-Malware from one of the links below:
http://www.besttechie.net/tools/mbam-setup.exe
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Save this file to the Desktop.
Double-click mbam-setup.exe to start the installation (accept the license agreement, then confirm the default options).
On the last screen of the installation procedure, tick the box in front of "Update Malwarebytes' Anti-Malware", then click the "Finish" button.


Step 5: No real-time monitoring processes
Disable the antivirus resident module.
[Image] Avira AntiVir: right-click the icon in the system tray (next to the clock), untick "AntiVir Guard enable"


Step 6: Using the reparlsa.reg file
Right-click reparlsa.reg, then choose Merge in the context menu and accept the merge into the Registry.


Step 7: Malwarebytes' Anti-Malware, cleaning
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start Menu.
In the Settings tab, check that all boxes are ticked except "Create an option in the context menu to scan files (right-click)".
In the Update tab, click the Check for Updates button and install all the updates found.
In the Scanner tab, select the radio button in front of "Perform quick scan" then click the Scan button.
Wait for the scan to finish without doing anything else; in the window announcing the end of the scan, click OK; then click the "Show Results" button.

If harmful items were detected, click the "Remove Selected" button
Wait patiently for the cleaning to finish without doing anything else.
A restart is sometimes necessary. Accept.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 8: OTMoveIt3 (by OldTimer)
Double-click OTMoveIt3.exe to launch the tool.
Open the OTfichiers.txt file in Notepad.
Select all of its lines then press the Ctrl and C keys simultaneously

Go back to the OTMoveIt3 window, right-click in the left-hand pane named "Paste Instructions for Items to be Moved"
[Image] and choose Paste.

Click the MoveIt! button: [Image]
Wait for the tool to finish its work then close OTMoveIt3.
Note: A restart is sometimes necessary. If it is requested, click Oui/Yes


Step 9: Real-time monitoring processes
Important: Re-enable the antivirus resident module.


Step 10: OTListIt (by OldTimer)
Close all open program windows.

Delete the two files OTListIt.txt and Extras.txt present on the Desktop.

Double-click OTListIt.exe to launch the tool.
Tick the box in front of Scan All Users.
Click the Run Scan button and let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing one of the two reports.
Close Notepad.
The second report is visible in the Taskbar. Close it as well.
Close the OTListIt window.


Step 11: Results
Send in reply:
*- the Malwarebytes' Anti-Malware log (contents of the file mbam-log-*-**-**** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs / *-**-**** (**-**-**) represents the date [month-day-year] and the time [hh-mn-ss])
[SystemDrive represents the partition on which the system is installed, usually C:]
*- the OTMoveIt3 report (contents of the file Drive\_OTMoveIt\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[Drive represents the partition from which OTMoveIt3 was launched, usually C:]

Then send in reply, in a separate message (because of the length of the log):
*- the main OTListIt report (contents of the OTListIt.txt file located on the Desktop).

Important note: To send your reply or replies, do not create a new topic; click the "Reply" button
[Image] to continue in this thread.

To be continued,
nickW - [Image]
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)
My configs
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
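
Added example, not part of nickW's post or of any tool named in it: the reparlsa.reg file from step 2 stores "Authentication Packages" as a hex(7) multi-string, and this Python sketch decodes such a value from a .reg export and lists any entry other than msv1_0. It goes beyond the REGEDIT4 file in the post by also handling version 5.00 exports (UTF-16LE data) and wrapped lines; the function names, the tampered sample and the examplepkg path are constructed for illustration.

```python
import re

# Value written by reparlsa.reg in step 2: the stock package list.
EXPECTED_PACKAGES = {"msv1_0"}
LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"

# REGEDIT4 exports store hex(7) data as ANSI bytes, version 5.00 as UTF-16LE.
HEADER_ENCODINGS = {
    "REGEDIT4": "cp1252",
    "Windows Registry Editor Version 5.00": "utf-16-le",
}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*hex\(7\):(.*)$', re.IGNORECASE)

# The file from step 2, copied from the post.
PAGE_REPARLSA = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

"""


def to_hex7(strings, encoding):
    """Encode a list of strings as the byte list of a REG_MULTI_SZ value."""
    raw = "".join(s + "\x00" for s in strings) + "\x00"
    return ",".join("%02x" % b for b in raw.encode(encoding))


# Constructed sample (not from the page): a version 5.00 export in which a
# second, made-up package has been appended after msv1_0.
CONSTRUCTED_TAMPERED = (
    "Windows Registry Editor Version 5.00\n\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]\n"
    '"Authentication Packages"=hex(7):'
    + to_hex7(["msv1_0", "C:\\WINDOWS\\system32\\examplepkg"], "utf-16-le")
    + "\n"
)


def parse_multi_sz(reg_text):
    """Return {(key, value_name): [strings]} for each hex(7) value in a .reg export."""
    lines = [l.strip() for l in reg_text.lstrip("\ufeff").splitlines()]
    header = next((l for l in lines if l), "")
    if header not in HEADER_ENCODINGS:
        raise ValueError("unrecognised .reg header: %r" % header)
    encoding = HEADER_ENCODINGS[header]

    values, key, pending = {}, None, ""
    for line in lines:
        if line.endswith(",\\"):  # hex data continued on the next line
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        match = VALUE_RE.match(line)
        if match and key and not key.startswith("-"):
            raw = bytes(int(tok, 16) for tok in match.group(2).split(",") if tok.strip())
            text = raw.decode(encoding, errors="replace")
            # Strings are NUL-terminated and the list ends with an extra NUL.
            values[(key, match.group(1))] = [s for s in text.split("\x00") if s]
    return values


def unexpected_auth_packages(reg_text):
    """Return Authentication Packages entries other than the expected ones."""
    for (key, name), strings in parse_multi_sz(reg_text).items():
        if key.lower() == LSA_KEY and name.lower() == "authentication packages":
            return [s for s in strings if s.lower() not in EXPECTED_PACKAGES]
    raise KeyError("no Authentication Packages value in this export")


if __name__ == "__main__":
    print(parse_multi_sz(PAGE_REPARLSA))
    print(unexpected_auth_packages(PAGE_REPARLSA))
    print(unexpected_auth_packages(CONSTRUCTED_TAMPERED))
```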

