[OK] Request for help: Trojans and ....


Post by nickW » 05 Dec 2008, 01:25

Good evening,

It is best to use your PC as little as possible.


Next part of the cleanup:

Step 1: No real-time monitoring processes
Disable the antivirus's resident module.
McAfee Antivirus: right-click the icon in the system tray (next to the clock), choose "Exit" and confirm.


Step 2: Malwarebytes' Anti-Malware, cleanup
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start menu.
In the Settings tab ("Paramètres"), check that all boxes are ticked except "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)" (create a right-click context menu option to scan files).
In the Update tab ("Mise à jour"), click the "Recherche de mise à jour" (check for updates) button and install all updates found.
In the Scan tab ("Recherche"), select the radio button in front of "Exécuter un examen rapide" (quick scan), then click the "Rechercher" (scan) button.
Wait, without doing anything else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Afficher les résultats" (show results) button.

If malicious items were detected, click the "Supprimer la sélection" (remove selected) button.
Wait patiently, without doing anything else, for the cleanup to finish.
A restart is sometimes required. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Quitter" (exit) button to close Malwarebytes' Anti-Malware.


Step 3: Real-time monitoring processes
Important: Re-enable the antivirus's resident module.


Step 4: OTListIt (by OldTimer)
Close all open program windows.

Delete the two files OTListIt.txt and Extras.txt from the Desktop.

Double-click OTListIt.exe to launch the tool.

Tick the box in front of Scan All Users.
Click the Run Scan button and let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing one of the two reports.
Close Notepad.
The second report is visible in the taskbar. Close it as well.
Close the OTListIt window.


Step 5: Results
Send in reply:
*- the Malwarebytes' Anti-Malware log (contents of the file mbam-log-*-**-**** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<tonprofil>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs, where <tonprofil> is your profile name and *-**-**** (**-**-**) represents the date [month-day-year] and the time [hh-mn-ss])
[SystemDrive is the partition on which the system is installed, generally C:]

Then send in reply, in two separate posts (because of the length of the logs):
*- the two OTListIt reports (contents of the files OTListIt.txt and Extras.txt located on the Desktop).
Reports posted on the forum must end with a line containing <End>. If they do not, they are incomplete and must then be split across several posts.

Important note: To send your reply (or replies), do not create a new topic; click the "Répondre" (reply) button to continue in this thread.

To be continued,
nickW

Post by zagato38 » 05 Dec 2008, 13:12

Hello,

Here are the three requested scans

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1460
Windows 5.1.2600 Service Pack 3

05/12/2008 13:00:05
mbam-log-2008-12-05 (13-00-05).txt

Type de recherche: Examen rapide
Eléments examinés: 65629
Temps écoulé: 5 minute(s), 36 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Post by zagato38 » 05 Dec 2008, 13:13

OTListIt

OTListIt logfile created on: 05/12/2008 13:07:40 - Run 2
OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Florent\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1023,48 Mb Total Physical Memory | 470,29 Mb Available Physical Memory | 45,95% Memory free
2,40 Gb Paging File | 2,02 Gb Available in Paging File | 84,08% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 51,22 Gb Free Space | 34,36% Space Free | Partition Type: NTFS
Drive D: | 347,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 76,31 Gb Total Space | 15,59 Gb Free Space | 20,43% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FLO-D432C58BC2A
Current User Name: Florent
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/12/13 18:27:10 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2004/09/22 19:00:00 | 00,094,208 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\shstat.exe
[2004/08/06 02:50:00 | 00,139,320 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
[2003/10/07 08:48:56 | 00,147,514 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
[2005/03/24 00:26:09 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
[2007/04/20 16:52:32 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
[2007/08/24 06:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[2006/12/08 21:22:51 | 00,512,000 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe
[2007/12/20 16:16:24 | 00,037,376 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2007/04/03 17:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
[2007/02/04 11:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
[2007/12/13 18:27:10 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[2007/02/09 09:28:38 | 00,072,704 | ---- | M] (Autodata Limited) -- C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
[2008/11/20 12:31:46 | 00,297,327 | ---- | M] () -- C:\WINDOWS\system32\SpywareRemover.exe
[2004/08/06 02:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
[2004/04/23 13:28:00 | 00,077,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Profiler\LWEMon.exe
[2008/08/23 06:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2004/09/22 19:00:00 | 00,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe
[2004/08/06 02:50:00 | 00,237,623 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
[2004/09/22 19:00:00 | 00,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
[2005/12/14 13:51:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2007/11/29 21:34:38 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2008/04/14 03:34:28 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/12/03 12:44:22 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Florent\Bureau\OTListIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2006/08/09 18:10:21 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2005/09/23 06:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/02/09 09:28:38 | 00,072,704 | ---- | M] (Autodata Limited) -- C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service [Auto | Running])
[2005/09/23 06:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2004/08/06 02:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
[2004/09/22 19:00:00 | 00,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe -- (McShield [Auto | Running])
[2004/09/22 19:00:00 | 00,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- (McTaskManager [Auto | Running])
[2007/08/24 05:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2005/12/14 13:51:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/11/29 21:34:38 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2007/12/13 18:27:10 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
[2006/11/03 08:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/11/17 12:05:38 | 02,297,664 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2004/09/18 13:17:42 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Dorine\Local Settings\Temp\cdrmkaun.sys -- (cdrmkaun [On_Demand | Stopped])
[2005/01/02 02:10:37 | 00,026,240 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running])
[2005/01/02 02:07:05 | 00,009,728 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])
[2005/01/02 02:11:43 | 00,003,968 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
[2003/12/31 10:35:16 | 00,018,848 | ---- | M] (FreeBox SA) -- C:\WINDOWS\system32\drivers\fbxusb.sys -- (fbxusb [On_Demand | Stopped])
[2008/04/13 19:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/04/13 19:45:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gckernel.sys -- (GcKernel [On_Demand | Stopped])
[2001/08/17 22:02:32 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame [On_Demand | Stopped])
[2001/08/17 22:02:50 | 00,002,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd [On_Demand | Stopped])
[2008/04/14 03:05:15 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2007/07/19 14:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2001/08/17 22:02:40 | 00,035,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame [On_Demand | Stopped])
[2001/08/17 23:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
[2004/08/13 03:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2004/09/22 19:00:00 | 00,108,256 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1 [On_Demand | Running])
[2004/09/22 19:00:00 | 00,058,048 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\system32\drivers\mvstdi5x.sys -- (NaiAvTdi1 [System | Running])
[2005/12/14 13:51:00 | 03,580,480 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2005/04/05 20:22:28 | 00,033,536 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2005/04/05 20:22:30 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2005/03/15 10:45:20 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand | Running])
[2006/12/10 10:34:48 | 00,114,496 | ---- | M] (Protection Technology Co.) -- C:\WINDOWS\system32\drivers\prodrv04.sys -- (prodrv04 [System | Running])
[2004/08/09 12:29:28 | 00,053,920 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\prodrv06.sys -- (prodrv06 [System | Running])
[2004/08/09 12:33:26 | 00,114,016 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02 [Boot | Running])
[2004/07/19 15:49:54 | 00,007,040 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1 [Boot | Running])
[2002/08/30 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 22:05:16 | 00,028,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner [On_Demand | Stopped])
[2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2005/08/10 13:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2003/12/01 16:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01 [Boot | Running])
[2005/05/16 14:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2005/12/06 16:11:18 | 00,035,328 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfsync03.sys -- (sfsync03 [Boot | Running])
[2007/10/18 19:18:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2007/07/19 14:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (TSP [On_Demand | Stopped])
[2007/12/13 18:27:14 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2004/04/14 10:08:00 | 00,010,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])
[2004/04/14 10:08:00 | 00,021,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Stopped])
[2004/04/14 10:08:00 | 00,005,600 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])
[2004/04/14 10:08:00 | 00,044,064 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])
[2004/09/22 19:00:00 | 00,008,320 | ---- | M] (Network Associates, Inc) -- C:\WINDOWS\system32\drivers\EntDrv51.sys -- (EntDrv51 [On_Demand | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



HKU\S-1-5-21-789336058-1383384898-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-789336058-1383384898-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-789336058-1383384898-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
HKU\S-1-5-21-789336058-1383384898-682003330-1003\S-1-5-21-789336058-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (47 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O3 - HKCU\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O3 - HKU\S-1-5-21-789336058-1383384898-682003330-1003\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-789336058-1383384898-682003330-1003\..\Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon (CANON INC.)
O4 - HKLM..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s (SlySoft, Inc.)
O4 - HKLM..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay (Elaborate Bytes AG)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey (Network Associates, Inc.)
O4 - HKLM..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" (Network Associates, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM (FinePrint Software, LLC)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE (Network Associates, Inc.)
O4 - HKLM..\Run: [SpywareCleaner] C:\WINDOWS\system32\SpywareRemover.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)
O4 - HKCU..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui (Logitech Inc.)
O4 - HKCU..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter File not found
O4 - HKU\S-1-5-21-789336058-1383384898-682003330-1003..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui (Logitech Inc.)
O4 - HKU\S-1-5-21-789336058-1383384898-682003330-1003..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Christelle\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Florent\Menu Démarrer\Programmes\Démarrage\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-21-789336058-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-21-789336058-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\NPJPI150_08.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.mypix.com/fr/fr/importer/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} http://asp03.photoprintit.de/microsite/ ... loader.cab (IPSUploader Control)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.mypix.com/fr/fr/importer/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key does not exist or could not be opened.)
O18 - Protocol\Handler: - copernicagent - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler: - copernicagentcache - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler: - grooveLocalGWS - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-help - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autorun.exe [MZ | ]
[2004/11/11 17:48:23 | 07,127,040 | R--- | M] (FIRAXIS Games, Inc.) -- D:\autorun.exe -- [ CDFS ]

autorun.inf [[autorun] | OPEN=autorun.exe | ]
[2004/08/24 10:33:16 | 00,000,027 | R--- | M] () -- D:\autorun.inf -- [ CDFS ]

AUTOEXEC.BAT []
[2005/11/11 09:41:54 | 00,000,000 | ---- | M] () -- E:\AUTOEXEC.BAT -- [ FAT32 ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[18 C:\WINDOWS\*.tmp files]
[2008/12/04 22:17:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Florent\Application Data\Malwarebytes
[2008/12/04 22:17:43 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/04 22:17:43 | 00,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2008/12/04 22:17:40 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/04 22:17:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/04 22:17:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/04 22:16:37 | 02,539,400 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Florent\Bureau\mbam-setup.exe
[2008/12/03 12:45:00 | 00,418,304 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Florent\Bureau\OTListIt.exe
[2008/12/02 19:36:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Florent\Mes documents\Fichiers nettoyage
[2008/12/02 19:23:16 | 00,000,647 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Navilog1.lnk
[2008/12/02 19:23:16 | 00,000,000 | ---D | C] -- C:\Program Files\Navilog1
[2008/12/02 07:30:16 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2008/11/29 09:39:10 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/11/29 09:30:19 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2008/11/28 17:21:29 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\Florent\Bureau\HijackThis.lnk
[2008/11/28 17:21:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/28 17:17:39 | 00,571,060 | ---- | C] (IL-MAFIOSO ) -- C:\Documents and Settings\Florent\Bureau\Navilog1.exe
[2008/11/28 17:17:17 | 01,581,780 | ---- | C] () -- C:\Documents and Settings\Florent\Bureau\SmitfraudFix.exe
[2008/11/28 17:12:23 | 00,001,565 | ---- | C] () -- C:\Documents and Settings\Florent\Bureau\CCleaner.lnk
[2008/11/28 17:12:22 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/11/28 11:55:13 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\test.ttt
[2008/11/26 22:04:15 | 00,000,950 | ---- | C] () -- C:\Documents and Settings\Florent\Bureau\Spybot - Search & Destroy.lnk
[2008/11/26 22:04:04 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/11/26 22:04:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/11/26 21:55:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2008/11/26 21:47:05 | 00,000,828 | ---- | C] () -- C:\Documents and Settings\Florent\Bureau\Ad-Aware.lnk
[2008/11/26 20:46:30 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2008/11/25 21:17:20 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/11/25 21:17:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/11/25 21:03:49 | 00,000,000 | ---D | C] -- C:\Program Files\AdwareSpywareScannerDeleter
[2008/11/25 20:30:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Florent\Application Data\Leadertech
[2008/11/25 20:15:44 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2008/11/25 20:15:44 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2008/11/25 20:15:42 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2008/11/25 20:15:40 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2008/11/25 20:15:38 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2008/11/25 20:15:36 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2008/11/25 20:15:34 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2008/11/25 20:15:32 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2008/11/25 20:15:30 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2008/11/25 20:15:29 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2008/11/25 20:15:27 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2008/11/25 20:15:27 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2008/11/25 20:15:25 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2008/11/25 20:15:23 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2008/11/25 20:15:20 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2008/11/25 20:15:20 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2008/11/25 20:15:18 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2008/11/25 20:15:16 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2008/11/25 20:15:13 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2008/11/25 20:15:13 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2008/11/25 20:15:11 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2008/11/25 20:14:47 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2008/11/25 20:14:46 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2008/11/25 20:14:45 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2008/11/25 20:14:45 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2008/11/25 20:14:44 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2008/11/25 20:14:43 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2008/11/25 20:13:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2008/11/20 12:31:46 | 00,297,327 | ---- | C] () -- C:\WINDOWS\System32\SpywareRemover.exe
[2008/11/12 10:41:11 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/12 10:40:35 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/11/09 13:58:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Florent\Mes documents\DL 9-11-2008


========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[18 C:\WINDOWS\*.tmp files]
[2008/12/05 13:05:50 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/05 13:04:59 | 00,061,465 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/12/05 13:04:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/05 13:04:49 | 00,358,895 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/12/05 13:04:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/05 13:03:16 | 09,039,904 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/12/05 13:03:16 | 00,091,004 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/12/04 22:17:43 | 00,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2008/12/04 22:16:51 | 02,539,400 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Florent\Bureau\mbam-setup.exe
[2008/12/03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 12:44:22 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Florent\Bureau\OTListIt.exe
[2008/12/02 19:47:02 | 00,071,592 | ---- | M] () -- C:\Documents and Settings\Florent\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/02 19:23:16 | 00,000,647 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Navilog1.lnk
[2008/12/02 19:19:15 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2008/12/02 07:24:58 | 00,172,544 | ---- | M] () -- C:\Documents and Settings\Florent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/29 09:30:19 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\test.ttt
[2008/11/29 09:30:19 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll
[2008/11/28 17:42:36 | 02,199,606 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2008/11/28 17:21:29 | 00,001,751 | ---- | M] () -- C:\Documents and Settings\Florent\Bureau\HijackThis.lnk
[2008/11/28 17:17:34 | 00,571,060 | ---- | M] (IL-MAFIOSO ) -- C:\Documents and Settings\Florent\Bureau\Navilog1.exe
[2008/11/28 17:17:16 | 01,581,780 | ---- | M] () -- C:\Documents and Settings\Florent\Bureau\SmitfraudFix.exe
[2008/11/28 17:12:23 | 00,001,565 | ---- | M] () -- C:\Documents and Settings\Florent\Bureau\CCleaner.lnk
[2008/11/26 22:04:15 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Florent\Bureau\Spybot - Search & Destroy.lnk
[2008/11/26 21:47:05 | 00,000,828 | ---- | M] () -- C:\Documents and Settings\Florent\Bureau\Ad-Aware.lnk
[2008/11/26 21:42:20 | 00,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/26 16:11:58 | 00,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/11/26 15:49:47 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Florent\Local Settings\Application Data\IconCache.db
[2008/11/20 12:31:46 | 00,297,327 | ---- | M] () -- C:\WINDOWS\System32\SpywareRemover.exe

<End>
zagato38
 
Posts: 26
Joined: 01 Dec 2008, 20:22
Location: gRENOBLE

Post by zagato38 » 05 Dec 2008, 13:14

Extra

OTListIt Extras logfile created on: 05/12/2008 13:07:40 - Run 2
OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Florent\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1023,48 Mb Total Physical Memory | 470,29 Mb Available Physical Memory | 45,95% Memory free
2,40 Gb Paging File | 2,02 Gb Available in Paging File | 84,08% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 51,22 Gb Free Space | 34,36% Space Free | Partition Type: NTFS
Drive D: | 347,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 76,31 Gb Total Space | 15,59 Gb Free Space | 20,43% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FLO-D432C58BC2A
Current User Name: Florent
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/05/21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/08/28 23:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
File not found -- C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
File not found -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
[2006/10/13 17:20:08 | 20,058,152 | ---- | M] () -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0297C87B-CC40-446F-865A-031B4FC0CF22}" = Race Driver 3
"{0C321D1F-2262-42C2-94C5-5E5765507C72}" = Star Wars Starfighter
"{0E0DEE51-07F5-4EB6-9E14-73498515D13F}" = Lafuma Unlimit
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{1AB93ECB-2985-4CA8-807A-913AF340ABE8}" = 7000 Lettres et Courriers Types
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet
"{31B8F5FD-D3D7-11D8-B732-00C04F4351FF}" = GdgAnglaisCe
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{4DCA2739-9D16-4B55-808C-E72CD70A5BD3}" = McAfee VirusScan Enterprise
"{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75569133-FD58-4F54-B622-9193EC7B6000}" = LITTLEST PET SHOP
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_ENTERPRISE_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_ENTERPRISE_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_ENTERPRISE_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_ENTERPRISE_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_ENTERPRISE_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_ENTERPRISE_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_ENTERPRISE_{5A2F65A4-808F-4A1E-973E-92E17824982D}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_ENTERPRISE_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_ENTERPRISE_{EC50B538-CBE1-42E6-B7FE-87AA540AADFB}" = Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_ENTERPRISE_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007
"{90120000-00BA-040C-0000-0000000FF1CE}_ENTERPRISE_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{AC76BA86-7AD7-1036-7B44-A71000000002}" = Adobe Reader 7.1.0 - Français
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{BAF5914B-5730-4373-B038-9F436AC6A0D6}" = Rayman3
"{DD54C6DE-B787-406D-A5A7-A49E0471E45B}" = ACDSee 8
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EB64DD0C-3C22-4D6B-A6FE-3ECB1EA6C98E}" = Musetools NT
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adware Spyware Scanner Deleter_is1" = Adware Spyware Scanner Deleter version 0.2
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"CloneCD" = CloneCD
"CloneDVD" = CloneDVD
"CloneDVD2" = CloneDVD2
"Copernic Agent Basic" = Copernic Agent Basic
"dBpowerAMP CD Writer" = dBpowerAMP CD Writer
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Electronic Arts Game Updater" = Electronic Arts Game Updater
"eMule" = eMule
"Enregistrement utilisateur de Canon MP210 series" = Enregistrement utilisateur de Canon MP210 series
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exact Audio Copy" = Exact Audio Copy 0.95b4
"FeedReader_is1" = FeedReader
"FLAC" = FLAC Installer 1.1.2a (remove only)
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.6.3
"Free.fr" = Free - Kit de connexion
"GrabIt_is1" = GrabIt 1.6.2 Beta (build 940)
"Grids" = Grids
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Indeo® software" = Indeo® software
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"Lemmings Revolution" = Lemmings Revolution
"LucasArts' Star Wars: Episode I Racer" = Star Wars: Episode I Racer de LucasArts
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox (2.0.0.4)" = Mozilla Firefox (2.0.0.4)
"Mozilla Thunderbird (2.0.0.18)" = Mozilla Thunderbird (2.0.0.18)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Navilog1_is1" = Navilog1 3.6.9
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"NeroVision!UninstallKey" = NeroVision Express 3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"pdfFactory Pro" = pdfFactory Pro
"PhotoFiltre" = PhotoFiltre
"PokerAcademyPro2" = Poker Academy Pro 2
"PokerStars" = PokerStars
"QuickPar" = QuickPar 0.9
"QuickTime" = QuickTime
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer
"Satsuki Decoder Pack" = Satsuki Decoder Pack
"Skype_is1" = Skype 2.5
"SONICADVDX" = SONIC ADVENTURE DX-Director's Cut
"TmUnited_is1" = TrackMania United 0.2.0.0
"Winamp" = Winamp
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/11/2008 15:05:44 | Computer Name = FLO-D432C58BC2A | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Le fichier C:\System Volume Information\_restore{760F8A70-36F1-4FA9-9DB7-C937D3B57242}\RP653\A0265571.exe
est infecté par le virus Generic.dx (Cheval de Troie). La suppression du fichier
a réussi.(ordinateur source FLO-D432C58BC2A, adresse IP 88.179.86.2, utilisateur
FLO-D432C58BC2A, exécution de VirusScan Enter 8.0 - OAS)

Error - 01/12/2008 19:27:28 | Computer Name = FLO-D432C58BC2A | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Le fichier C:\quarantine\A0253892.dll.Vir.vir
est infecté par le virus New Malware.ja (Cheval de Troie). Détecté à l'aide du
moteur d'analyse 5300, version des fichiers DAT 5450.(ordinateur source FLO-D432C58BC2A,
adresse IP 88.179.86.2, utilisateur FLO-D432C58BC2A, exécution de VirusScan Enter
8.0 - OAS)

Error - 01/12/2008 19:27:28 | Computer Name = FLO-D432C58BC2A | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Le fichier C:\quarantine\A0253892.dll.Vir.vir
est infecté par le virus New Malware.ja (Cheval de Troie). Aucun nettoyeur disponible,
mise en quarantaine réussie. Le virus a été détecté par le moteur d'analyse. Version
du moteur : 5300. Version des fichiers DAT : 5450.(ordinateur source FLO-D432C58BC2A,
adresse IP 88.179.86.2, utilisateur FLO-D432C58BC2A, exécution de VirusScan Enter
8.0 - OAS)

Error - 01/12/2008 19:27:28 | Computer Name = FLO-D432C58BC2A | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Le fichier C:\quarantine\tmunite.dll.Vir est
infecté par le virus New Malware.ja (Cheval de Troie). Détecté à l'aide du moteur
d'analyse 5300, version des fichiers DAT 5450.(ordinateur source FLO-D432C58BC2A,
adresse IP 88.179.86.2, utilisateur FLO-D432C58BC2A, exécution de VirusScan Enter
8.0 - OAS)

Error - 01/12/2008 19:27:28 | Computer Name = FLO-D432C58BC2A | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Le fichier C:\quarantine\tmunite.dll.Vir est
infecté par le virus New Malware.ja (Cheval de Troie). Aucun nettoyeur disponible,
mise en quarantaine réussie. Le virus a été détecté par le moteur d'analyse. Version
du moteur : 5300. Version des fichiers DAT : 5450.(ordinateur source FLO-D432C58BC2A,
adresse IP 88.179.86.2, utilisateur FLO-D432C58BC2A, exécution de VirusScan Enter
8.0 - OAS)

Error - 01/12/2008 20:13:09 | Computer Name = FLO-D432C58BC2A | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Le fichier E:\System Volume Information\_restore{760F8A70-36F1-4FA9-9DB7-C937D3B57242}\RP652\A0265220.exe
est infecté par le virus Generic.dx (Cheval de Troie). La suppression du fichier
a réussi.(ordinateur source FLO-D432C58BC2A, adresse IP 88.179.86.2, utilisateur
FLO-D432C58BC2A, exécution de VirusScan Enter 8.0 - OAS)

Error - 02/12/2008 14:22:18 | Computer Name = FLO-D432C58BC2A | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Le fichier C:\Program Files\Navilog1\is-BM4N2.tmp
est infecté par le virus Generic.dx (Cheval de Troie). La suppression du fichier
a réussi.(ordinateur source FLO-D432C58BC2A, adresse IP 88.179.86.2, utilisateur
FLO-D432C58BC2A, exécution de VirusScan Enter 8.0 - OAS)

Error - 02/12/2008 14:22:42 | Computer Name = FLO-D432C58BC2A | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Le fichier C:\Program Files\Navilog1\is-4V0IO.tmp
est infecté par le virus Generic.dx (Cheval de Troie). La suppression du fichier
a réussi.(ordinateur source FLO-D432C58BC2A, adresse IP 88.179.86.2, utilisateur
FLO-D432C58BC2A, exécution de VirusScan Enter 8.0 - OAS)

Error - 03/12/2008 07:45:26 | Computer Name = FLO-D432C58BC2A | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Le fichier C:\Program Files\Navilog1\gnc.exe
est infecté par le virus Generic.dx (Cheval de Troie). La suppression du fichier
a réussi.(ordinateur source FLO-D432C58BC2A, adresse IP 88.179.86.2, utilisateur
FLO-D432C58BC2A, exécution de VirusScan Enter 8.0 - OAS)

Error - 03/12/2008 09:13:46 | Computer Name = FLO-D432C58BC2A | Source = McLogEvent | ID = 5051
Description = Il a fallu plus de 90000 minutes à la thread active C:\Program Files\Network
Associates\VirusScan\Mcshield.exe pour répondre à une requête. Le processus sera
interrompu. ID de la thread : 2224 (0x8b0) Adresse de la thread : 0x7C91E4F4 Message
de la thread : Build Aug 20 2004 04:46:11 / 5300.2777 Object being scanned = Process
1052 by McShield.exe 20039(1343)(0) 20038(1343)(32) 20039(1218)(0) 20038(1218)(32)

20039(1218)(0) 20038(1218)(32) 20039(1218)(0) 20038(1218)(32)

[ System Events ]
Error - 04/12/2008 12:37:40 | Computer Name = FLO-D432C58BC2A | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 04/12/2008 12:39:40 | Computer Name = FLO-D432C58BC2A | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 04/12/2008 13:09:40 | Computer Name = FLO-D432C58BC2A | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 04/12/2008 13:11:40 | Computer Name = FLO-D432C58BC2A | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 04/12/2008 13:41:40 | Computer Name = FLO-D432C58BC2A | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 04/12/2008 13:43:40 | Computer Name = FLO-D432C58BC2A | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 04/12/2008 14:13:41 | Computer Name = FLO-D432C58BC2A | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 04/12/2008 14:15:41 | Computer Name = FLO-D432C58BC2A | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 04/12/2008 14:45:41 | Computer Name = FLO-D432C58BC2A | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 04/12/2008 14:47:41 | Computer Name = FLO-D432C58BC2A | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.


<End>
zagato38
 
Posts: 26
Joined: 01 Dec 2008, 20:22
Location: gRENOBLE

Post by zagato38 » 05 Dec 2008, 13:15

Also worth noting: my PC is rather slow
- very slow to shut down Windows and reboot
- slow to load ZoneAlarm and Virscan ...
- and, overall, to launch applications.

Thanks

See you soon.
zagato38
 
Posts: 26
Joined: 01 Dec 2008, 20:22
Location: gRENOBLE

Post by nickW » 06 Dec 2008, 00:56

Good evening,

New steps:


Step 1: ERUNT (by Lars Hederer)
Download ERUNT from the page: http://www.larshederer.homepage.t-online.de/erunt/
Under Download ERUNT:, download erunt-setup.exe
Also download the French language file: under French, download the file erunt-loc_fr.zip

Install ERUNT by double-clicking erunt-setup.exe
Unzip the erunt-loc_fr.zip archive (on XP, right-click then Extract All) and place the extracted files in the ERUNT installation folder.

Launch ERUNT by double-clicking ERUNT.EXE
On the Welcome message, click OK
In the window titled "ERU pour Windows NT", tick all the backup options (System registry, Current user registry and Other user registries)
Then click OK
Accept the creation of the folder (in the Windows\ERDNT\ folder) by clicking Yes.
Wait for the backup to finish, signalled by the message "Sauvegarde du registre effectuée" (registry backup completed), then click OK.


Step 2: OTMoveIt3 (by OldTimer)
Download OTMoveIt3 by right-clicking the link below:
http://oldtimer.geekstogo.com/OTMoveIt3.exe
Save the file to the Desktop.

Open a Notepad window via Start ----> Run, type notepad then click OK
Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys together

Code:
rien
:Processes
explorer.exe

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareCleaner"=-

:Files
C:\WINDOWS\System32\frmwrk32.exe
C:\WINDOWS\System32\uniq.tll
C:\WINDOWS\System32\test.ttt
C:\WINDOWS\System32\SpywareRemover.exe

:Commands
[emptytemp]
[start explorer]



Go back to the Notepad window, right-click in the window and choose Paste
In the Format menu (at the top), check that "Retour automatique à la ligne" (Word Wrap) is not active (not ticked).
Save the file under the name OTMI-1.txt
Close Notepad.
Note: The lines in the Code area above were created exclusively for THIS user.
If you are not THIS user, do not use them: they could damage your system.



Step 3: OTMoveIt3 (by OldTimer)
Double-click OTMoveIt3.exe to launch the tool.
Open the file OTMI-1.txt in Notepad.
Select all of its lines then press the Ctrl and C keys together

Go back to the OTMoveIt3 window, right-click in the pane on the left named "Paste Instructions for Items to be Moved"
and choose Paste.

Click the MoveIt! button.
Wait for the tool to finish its work, then close OTMoveIt3.
Note: A reboot is sometimes necessary. If it is requested, click Oui/Yes


Step 4: OTListIt (by OldTimer)
Close all open program windows.

Delete the two files OTListIt.txt and Extras.txt present on the Desktop.

Double-click OTListIt.exe to launch the tool.

Tick the box in front of Scan All Users.
Click the Run Scan button and let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing one of the two reports.
Close Notepad.
The second report is visible in the Taskbar. Close it as well.
Close the OTListIt window.


Step 5: Results
Post in reply the OTMoveIt3 report (contents of the file Drive\_OTMoveIt\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[Drive stands for the partition from which OTMoveIt3 was launched, generally C:]

Then post in reply, in a separate message (because of the length of the log):
- the main OTListIt report (contents of the file OTListIt.txt located on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
My configs
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by zagato38 » 06 Dec 2008, 13:59

Hello,

The steps are done:

OTMoveIt3:
Error: Unable to interpret <rien> in the current context!
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpywareCleaner deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\System32\frmwrk32.exe not found.
C:\WINDOWS\System32\uniq.tll moved successfully.
C:\WINDOWS\System32\test.ttt moved successfully.
C:\WINDOWS\System32\SpywareRemover.exe moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\WFVB.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT025b7.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT025bb.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Florent\Local Settings\Application Data\Mozilla\Firefox\Profiles\t4pdiiln.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Florent\Local Settings\Application Data\Mozilla\Firefox\Profiles\t4pdiiln.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Florent\Local Settings\Application Data\Mozilla\Firefox\Profiles\t4pdiiln.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Florent\Local Settings\Application Data\Mozilla\Firefox\Profiles\t4pdiiln.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12062008_134619

Files moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\WFVB.tmp not found!
C:\WINDOWS\temp\ZLT025b7.TMP moved successfully.
File C:\WINDOWS\temp\ZLT025bb.TMP not found!
C:\Documents and Settings\Florent\Local Settings\Application Data\Mozilla\Firefox\Profiles\t4pdiiln.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Florent\Local Settings\Application Data\Mozilla\Firefox\Profiles\t4pdiiln.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Florent\Local Settings\Application Data\Mozilla\Firefox\Profiles\t4pdiiln.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Florent\Local Settings\Application Data\Mozilla\Firefox\Profiles\t4pdiiln.default\Cache\_CACHE_MAP_ moved successfully.
zagato38
 
Posts: 26
Joined: 01 Dec 2008, 20:22
Location: gRENOBLE
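
The check a helper makes by eye on the OTMoveIt3 report above, as an added example (not part of the thread and not OldTimer's code): it compares the :Files entries of the fix script with the outcome lines of the log and lists what is still pending after the reboot. The line patterns are assumptions taken only from the lines visible in this thread, the function names are hypothetical, and the log is an excerpt of the one posted.

```python
import re

# Fix script exactly as posted in the thread (stray first line "rien" included).
SCRIPT = r"""rien
:Processes
explorer.exe

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareCleaner"=-

:Files
C:\WINDOWS\System32\frmwrk32.exe
C:\WINDOWS\System32\uniq.tll
C:\WINDOWS\System32\test.ttt
C:\WINDOWS\System32\SpywareRemover.exe

:Commands
[emptytemp]
[start explorer]
"""

# Excerpt of the OTMoveIt3 log posted in reply (temp-file lines cut down to three).
LOG = r"""Error: Unable to interpret <rien> in the current context!
========== FILES ==========
File/Folder C:\WINDOWS\System32\frmwrk32.exe not found.
C:\WINDOWS\System32\uniq.tll moved successfully.
C:\WINDOWS\System32\test.ttt moved successfully.
C:\WINDOWS\System32\SpywareRemover.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\temp\WFVB.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT025b7.TMP scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\WFVB.tmp not found!
C:\WINDOWS\temp\ZLT025b7.TMP moved successfully.
"""

# Assumed line shapes, derived only from the log lines shown in this thread.
PATH = r"(?P<path>[A-Za-z]:\\.+?)"
LOG_PATTERNS = [
    ("moved", re.compile(r"^" + PATH + r" moved successfully\.$")),
    ("not_found", re.compile(r"^File(?:/Folder)? " + PATH + r" not found[.!]$")),
    ("pending", re.compile(r"^File (?:delete|move) failed\. " + PATH
                           + r" scheduled to be (?:deleted|moved) on reboot\.$")),
]


def script_sections(script):
    """Split a fix script into {section: [lines]}. Lines that precede the
    first ':Section' header are kept under the key None."""
    sections, current = {None: []}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def log_outcomes(log):
    """Return {lowercased path: final status}. The log is chronological, so a
    later line (the post-reboot part) overrides an earlier one for a path."""
    outcomes = {}
    for raw in log.splitlines():
        line = raw.strip()
        for status, pattern in LOG_PATTERNS:
            match = pattern.match(line)
            if match:
                outcomes[match.group("path").lower()] = status
                break
    return outcomes


def reconcile(script, log):
    """Compare what the script asked for with what the log says happened."""
    sections = script_sections(script)
    outcomes = log_outcomes(log)
    rejected = re.findall(
        r"^Error: Unable to interpret <(.*?)> in the current context!$", log, re.M)
    return {
        # Windows paths are case-insensitive, hence the lowercase lookup.
        "files": {p: outcomes.get(p.lower(), "missing_from_log")
                  for p in sections.get("files", [])},
        "still_pending": sorted(p for p, s in outcomes.items() if s == "pending"),
        "ignored_script_lines": sections[None],
        "tool_rejected": rejected,
    }


if __name__ == "__main__":
    for key, value in reconcile(SCRIPT, LOG).items():
        print(key, "->", value)
```

A "missing_from_log" status would mean the log says nothing about a requested file, which is the case to raise with the helper before going further.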

Post by zagato38 » 06 Dec 2008, 14:00

and OTListIt
OTListIt logfile created on: 06/12/2008 13:56:04 - Run 3
OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Florent\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1023,48 Mb Total Physical Memory | 521,17 Mb Available Physical Memory | 50,92% Memory free
2,40 Gb Paging File | 2,07 Gb Available in Paging File | 86,16% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 51,10 Gb Free Space | 34,28% Space Free | Partition Type: NTFS
Drive D: | 347,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 76,31 Gb Total Space | 15,59 Gb Free Space | 20,43% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FLO-D432C58BC2A
Current User Name: Florent
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/12/13 18:27:10 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2004/09/22 19:00:00 | 00,094,208 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\shstat.exe
[2004/08/06 02:50:00 | 00,139,320 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
[2003/10/07 08:48:56 | 00,147,514 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
[2005/03/24 00:26:09 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
[2007/04/20 16:52:32 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
[2007/08/24 06:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[2006/12/08 21:22:51 | 00,512,000 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe
[2007/12/20 16:16:24 | 00,037,376 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[2007/04/03 17:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
[2007/02/04 11:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
[2007/12/13 18:27:10 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[2004/04/23 13:28:00 | 00,077,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Profiler\LWEMon.exe
[2007/02/09 09:28:38 | 00,072,704 | ---- | M] (Autodata Limited) -- C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe
[2004/08/06 02:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
[2004/09/22 19:00:00 | 00,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe
[2004/08/06 02:50:00 | 00,237,623 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
[2004/09/22 19:00:00 | 00,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
[2005/12/14 13:51:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2007/11/29 21:34:38 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/12/03 12:44:22 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Florent\Bureau\OTListIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2006/08/09 18:10:21 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2005/09/23 06:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/02/09 09:28:38 | 00,072,704 | ---- | M] (Autodata Limited) -- C:\Program Files\Fichiers communs\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service [Auto | Running])
[2005/09/23 06:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2004/08/06 02:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
[2004/09/22 19:00:00 | 00,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe -- (McShield [Auto | Running])
[2004/09/22 19:00:00 | 00,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- (McTaskManager [Auto | Running])
[2007/08/24 05:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2005/12/14 13:51:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/11/29 21:34:38 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2007/12/13 18:27:10 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
[2006/11/03 08:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2004/11/17 12:05:38 | 02,297,664 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2004/09/18 13:17:42 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Dorine\Local Settings\Temp\cdrmkaun.sys -- (cdrmkaun [On_Demand | Stopped])
[2005/01/02 02:10:37 | 00,026,240 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running])
[2005/01/02 02:07:05 | 00,009,728 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])
[2005/01/02 02:11:43 | 00,003,968 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
[2003/12/31 10:35:16 | 00,018,848 | ---- | M] (FreeBox SA) -- C:\WINDOWS\system32\drivers\fbxusb.sys -- (fbxusb [On_Demand | Stopped])
[2008/04/13 19:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/04/13 19:45:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gckernel.sys -- (GcKernel [On_Demand | Stopped])
[2001/08/17 22:02:32 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame [On_Demand | Stopped])
[2001/08/17 22:02:50 | 00,002,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd [On_Demand | Stopped])
[2008/04/14 03:05:15 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2007/07/19 14:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2001/08/17 22:02:40 | 00,035,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame [On_Demand | Stopped])
[2001/08/17 23:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
[2004/08/13 03:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2004/09/22 19:00:00 | 00,108,256 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1 [On_Demand | Running])
[2004/09/22 19:00:00 | 00,058,048 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\system32\drivers\mvstdi5x.sys -- (NaiAvTdi1 [System | Running])
[2005/12/14 13:51:00 | 03,580,480 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2005/04/05 20:22:28 | 00,033,536 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2005/04/05 20:22:30 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2005/03/15 10:45:20 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32 [On_Demand | Running])
[2006/12/10 10:34:48 | 00,114,496 | ---- | M] (Protection Technology Co.) -- C:\WINDOWS\system32\drivers\prodrv04.sys -- (prodrv04 [System | Running])
[2004/08/09 12:29:28 | 00,053,920 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\prodrv06.sys -- (prodrv06 [System | Running])
[2004/08/09 12:33:26 | 00,114,016 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02 [Boot | Running])
[2004/07/19 15:49:54 | 00,007,040 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1 [Boot | Running])
[2002/08/30 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 22:05:16 | 00,028,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner [On_Demand | Stopped])
[2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2005/08/10 13:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2003/12/01 16:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01 [Boot | Running])
[2005/05/16 14:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2005/12/06 16:11:18 | 00,035,328 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfsync03.sys -- (sfsync03 [Boot | Running])
[2007/10/18 19:18:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2007/07/19 14:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (TSP [On_Demand | Stopped])
[2007/12/13 18:27:14 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2004/04/14 10:08:00 | 00,010,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])
[2004/04/14 10:08:00 | 00,021,280 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Stopped])
[2004/04/14 10:08:00 | 00,005,600 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])
[2004/04/14 10:08:00 | 00,044,064 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])
[2004/09/22 19:00:00 | 00,008,320 | ---- | M] (Network Associates, Inc) -- C:\WINDOWS\system32\drivers\EntDrv51.sys -- (EntDrv51 [On_Demand | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



HKU\S-1-5-21-789336058-1383384898-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-789336058-1383384898-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-789336058-1383384898-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
HKU\S-1-5-21-789336058-1383384898-682003330-1003\S-1-5-21-789336058-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (47 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O3 - HKCU\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O3 - HKU\S-1-5-21-789336058-1383384898-682003330-1003\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-789336058-1383384898-682003330-1003\..\Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon (CANON INC.)
O4 - HKLM..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s (SlySoft, Inc.)
O4 - HKLM..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay (Elaborate Bytes AG)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey (Network Associates, Inc.)
O4 - HKLM..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" (Network Associates, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM (FinePrint Software, LLC)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE (Network Associates, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)
O4 - HKCU..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui (Logitech Inc.)
O4 - HKCU..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter File not found
O4 - HKU\S-1-5-21-789336058-1383384898-682003330-1003..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui (Logitech Inc.)
O4 - HKU\S-1-5-21-789336058-1383384898-682003330-1003..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Christelle\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Florent\Menu Démarrer\Programmes\Démarrage\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-21-789336058-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-21-789336058-1383384898-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\NPJPI150_08.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.mypix.com/fr/fr/importer/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} http://asp03.photoprintit.de/microsite/ ... loader.cab (IPSUploader Control)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.mypix.com/fr/fr/importer/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key does not exist or could not be opened.)
O18 - Protocol\Handler: - copernicagent - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler: - copernicagentcache - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler: - grooveLocalGWS - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-help - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autorun.exe [MZ | ]
[2004/11/11 17:48:23 | 07,127,040 | R--- | M] (FIRAXIS Games, Inc.) -- D:\autorun.exe -- [ CDFS ]

autorun.inf [[autorun] | OPEN=autorun.exe | ]
[2004/08/24 10:33:16 | 00,000,027 | R--- | M] () -- D:\autorun.inf -- [ CDFS ]

AUTOEXEC.BAT []
[2005/11/11 09:41:54 | 00,000,000 | ---- | M] () -- E:\AUTOEXEC.BAT -- [ FAT32 ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[18 C:\WINDOWS\*.tmp files]
[2008/12/06 13:46:19 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/12/06 13:42:58 | 00,349,696 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Florent\Bureau\OTMoveIt3.exe
[2008/12/06 13:38:42 | 00,000,628 | ---- | C] () -- C:\Documents and Settings\Florent\Bureau\NTREGOPT.lnk
[2008/12/06 13:38:42 | 00,000,609 | ---- | C] () -- C:\Documents and Settings\Florent\Bureau\ERUNT.lnk
[2008/12/06 13:38:41 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2008/12/04 22:17:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Florent\Application Data\Malwarebytes
[2008/12/04 22:17:43 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/04 22:17:43 | 00,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2008/12/04 22:17:40 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/04 22:17:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/04 22:17:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/04 22:16:37 | 02,539,400 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Florent\Bureau\mbam-setup.exe
[2008/12/03 12:47:03 | 00,000,274 | ---- | C] () -- C:\Documents and Settings\Florent\Bureau\Assiste.url
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\Florent\Bureau\Assiste.url:favicon
[2008/12/03 12:45:00 | 00,418,304 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Florent\Bureau\OTListIt.exe
[2008/12/02 19:36:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Florent\Mes documents\Fichiers nettoyage
[2008/12/02 19:23:16 | 00,000,647 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Navilog1.lnk
[2008/12/02 19:23:16 | 00,000,000 | ---D | C] -- C:\Program Files\Navilog1
[2008/12/02 07:30:16 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2008/11/29 09:39:10 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/11/28 17:21:29 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\Florent\Bureau\HijackThis.lnk
[2008/11/28 17:21:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/28 17:17:39 | 00,571,060 | ---- | C] (IL-MAFIOSO ) -- C:\Documents and Settings\Florent\Bureau\Navilog1.exe
[2008/11/28 17:17:17 | 01,581,780 | ---- | C] () -- C:\Documents and Settings\Florent\Bureau\SmitfraudFix.exe
[2008/11/28 17:12:23 | 00,001,565 | ---- | C] () -- C:\Documents and Settings\Florent\Bureau\CCleaner.lnk
[2008/11/28 17:12:22 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/11/26 22:04:15 | 00,000,950 | ---- | C] () -- C:\Documents and Settings\Florent\Bureau\Spybot - Search & Destroy.lnk
[2008/11/26 22:04:04 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/11/26 22:04:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/11/26 21:55:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2008/11/26 21:47:05 | 00,000,828 | ---- | C] () -- C:\Documents and Settings\Florent\Bureau\Ad-Aware.lnk
[2008/11/26 20:46:30 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2008/11/25 21:17:20 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/11/25 21:17:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/11/25 21:03:49 | 00,000,000 | ---D | C] -- C:\Program Files\AdwareSpywareScannerDeleter
[2008/11/25 20:30:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Florent\Application Data\Leadertech
[2008/11/25 20:15:44 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2008/11/25 20:15:44 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2008/11/25 20:15:42 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2008/11/25 20:15:40 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2008/11/25 20:15:38 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2008/11/25 20:15:36 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2008/11/25 20:15:34 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2008/11/25 20:15:32 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2008/11/25 20:15:30 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2008/11/25 20:15:29 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2008/11/25 20:15:27 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2008/11/25 20:15:27 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2008/11/25 20:15:25 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2008/11/25 20:15:23 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2008/11/25 20:15:20 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2008/11/25 20:15:20 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2008/11/25 20:15:18 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2008/11/25 20:15:16 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2008/11/25 20:15:13 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2008/11/25 20:15:13 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2008/11/25 20:15:11 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2008/11/25 20:14:47 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2008/11/25 20:14:46 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2008/11/25 20:14:45 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2008/11/25 20:14:45 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2008/11/25 20:14:44 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2008/11/25 20:14:43 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2008/11/25 20:13:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2008/11/12 10:41:11 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/12 10:40:35 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/11/09 13:58:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Florent\Mes documents\DL 9-11-2008


========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[18 C:\WINDOWS\*.tmp files]
[2008/12/06 13:52:36 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/06 13:52:05 | 00,061,465 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/12/06 13:51:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/06 13:51:53 | 00,358,895 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/12/06 13:51:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/06 13:50:21 | 09,039,904 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/12/06 13:50:21 | 00,091,004 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/12/06 13:42:06 | 00,349,696 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Florent\Bureau\OTMoveIt3.exe
[2008/12/06 13:38:42 | 00,000,628 | ---- | M] () -- C:\Documents and Settings\Florent\Bureau\NTREGOPT.lnk
[2008/12/06 13:38:42 | 00,000,609 | ---- | M] () -- C:\Documents and Settings\Florent\Bureau\ERUNT.lnk
[2008/12/05 17:23:16 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2008/12/05 13:09:33 | 00,000,274 | ---- | M] () -- C:\Documents and Settings\Florent\Bureau\Assiste.url
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\Florent\Bureau\Assiste.url:favicon
[2008/12/04 22:17:43 | 00,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2008/12/04 22:16:51 | 02,539,400 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Florent\Bureau\mbam-setup.exe
[2008/12/03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 12:44:22 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Florent\Bureau\OTListIt.exe
[2008/12/02 19:47:02 | 00,071,592 | ---- | M] () -- C:\Documents and Settings\Florent\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/02 19:23:16 | 00,000,647 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Navilog1.lnk
[2008/12/02 07:24:58 | 00,172,544 | ---- | M] () -- C:\Documents and Settings\Florent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/28 17:42:36 | 02,199,606 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2008/11/28 17:21:29 | 00,001,751 | ---- | M] () -- C:\Documents and Settings\Florent\Bureau\HijackThis.lnk
[2008/11/28 17:17:34 | 00,571,060 | ---- | M] (IL-MAFIOSO ) -- C:\Documents and Settings\Florent\Bureau\Navilog1.exe
[2008/11/28 17:17:16 | 01,581,780 | ---- | M] () -- C:\Documents and Settings\Florent\Bureau\SmitfraudFix.exe
[2008/11/28 17:12:23 | 00,001,565 | ---- | M] () -- C:\Documents and Settings\Florent\Bureau\CCleaner.lnk
[2008/11/26 22:04:15 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Florent\Bureau\Spybot - Search & Destroy.lnk
[2008/11/26 21:47:05 | 00,000,828 | ---- | M] () -- C:\Documents and Settings\Florent\Bureau\Ad-Aware.lnk
[2008/11/26 21:42:20 | 00,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/26 16:11:58 | 00,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/11/26 15:49:47 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Florent\Local Settings\Application Data\IconCache.db

<End>
zagato38
 
Posts: 26
Joined: 01 Dec 2008, 20:22
Location: gRENOBLE

Post by zagato38 » 06 Dec 2008, 14:00

and Extras.txt

OTListIt Extras logfile created on: 06/12/2008 13:56:04 - Run 3
OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Florent\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1023,48 Mb Total Physical Memory | 521,17 Mb Available Physical Memory | 50,92% Memory free
2,40 Gb Paging File | 2,07 Gb Available in Paging File | 86,16% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 51,10 Gb Free Space | 34,28% Space Free | Partition Type: NTFS
Drive D: | 347,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 76,31 Gb Total Space | 15,59 Gb Free Space | 20,43% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FLO-D432C58BC2A
Current User Name: Florent
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/05/21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/08/28 23:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
File not found -- C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
File not found -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
[2006/10/13 17:20:08 | 20,058,152 | ---- | M] () -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0297C87B-CC40-446F-865A-031B4FC0CF22}" = Race Driver 3
"{0C321D1F-2262-42C2-94C5-5E5765507C72}" = Star Wars Starfighter
"{0E0DEE51-07F5-4EB6-9E14-73498515D13F}" = Lafuma Unlimit
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{1AB93ECB-2985-4CA8-807A-913AF340ABE8}" = 7000 Lettres et Courriers Types
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet
"{31B8F5FD-D3D7-11D8-B732-00C04F4351FF}" = GdgAnglaisCe
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{4DCA2739-9D16-4B55-808C-E72CD70A5BD3}" = McAfee VirusScan Enterprise
"{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75569133-FD58-4F54-B622-9193EC7B6000}" = LITTLEST PET SHOP
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_ENTERPRISE_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_ENTERPRISE_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_ENTERPRISE_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_ENTERPRISE_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_ENTERPRISE_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_ENTERPRISE_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_ENTERPRISE_{5A2F65A4-808F-4A1E-973E-92E17824982D}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_ENTERPRISE_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_ENTERPRISE_{EC50B538-CBE1-42E6-B7FE-87AA540AADFB}" = Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_ENTERPRISE_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007
"{90120000-00BA-040C-0000-0000000FF1CE}_ENTERPRISE_{A0353900-21A2-42CF-B973-883500A027F7}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{AC76BA86-7AD7-1036-7B44-A71000000002}" = Adobe Reader 7.1.0 - Français
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{BAF5914B-5730-4373-B038-9F436AC6A0D6}" = Rayman3
"{DD54C6DE-B787-406D-A5A7-A49E0471E45B}" = ACDSee 8
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EB64DD0C-3C22-4D6B-A6FE-3ECB1EA6C98E}" = Musetools NT
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adware Spyware Scanner Deleter_is1" = Adware Spyware Scanner Deleter version 0.2
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"CloneCD" = CloneCD
"CloneDVD" = CloneDVD
"CloneDVD2" = CloneDVD2
"Copernic Agent Basic" = Copernic Agent Basic
"dBpowerAMP CD Writer" = dBpowerAMP CD Writer
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Electronic Arts Game Updater" = Electronic Arts Game Updater
"eMule" = eMule
"Enregistrement utilisateur de Canon MP210 series" = Enregistrement utilisateur de Canon MP210 series
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Exact Audio Copy" = Exact Audio Copy 0.95b4
"FeedReader_is1" = FeedReader
"FLAC" = FLAC Installer 1.1.2a (remove only)
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.6.3
"Free.fr" = Free - Kit de connexion
"GrabIt_is1" = GrabIt 1.6.2 Beta (build 940)
"Grids" = Grids
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Indeo® software" = Indeo® software
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"Lemmings Revolution" = Lemmings Revolution
"LucasArts' Star Wars: Episode I Racer" = Star Wars: Episode I Racer de LucasArts
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox (2.0.0.4)" = Mozilla Firefox (2.0.0.4)
"Mozilla Thunderbird (2.0.0.18)" = Mozilla Thunderbird (2.0.0.18)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Navilog1_is1" = Navilog1 3.6.9
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"NeroVision!UninstallKey" = NeroVision Express 3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"pdfFactory Pro" = pdfFactory Pro
"PhotoFiltre" = PhotoFiltre
"PokerAcademyPro2" = Poker Academy Pro 2
"PokerStars" = PokerStars
"QuickPar" = QuickPar 0.9
"QuickTime" = QuickTime
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer
"Satsuki Decoder Pack" = Satsuki Decoder Pack
"Skype_is1" = Skype 2.5
"SONICADVDX" = SONIC ADVENTURE DX-Director's Cut
"TmUnited_is1" = TrackMania United 0.2.0.0
"Winamp" = Winamp
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/11/2008 15:05:44 | Computer Name = FLO-D432C58BC2A | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Le fichier C:\System Volume Information\_restore{760F8A70-36F1-4FA9-9DB7-C937D3B57242}\RP653\A0265571.exe
est infecté par le virus Generic.dx (Cheval de Troie). La suppression du fichier
a réussi.(ordinateur source FLO-D432C58BC2A, adresse IP 88.179.86.2, utilisateur
FLO-D432C58BC2A, exécution de VirusScan Enter 8.0 - OAS)

Error - 01/12/2008 19:27:28 | Computer Name = FLO-D432C58BC2A | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Le fichier C:\quarantine\A0253892.dll.Vir.vir
est infecté par le virus New Malware.ja (Cheval de Troie). Détecté à l'aide du
moteur d'analyse 5300, version des fichiers DAT 5450.(ordinateur source FLO-D432C58BC2A,
adresse IP 88.179.86.2, utilisateur FLO-D432C58BC2A, exécution de VirusScan Enter
8.0 - OAS)

Error - 01/12/2008 19:27:28 | Computer Name = FLO-D432C58BC2A | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Le fichier C:\quarantine\A0253892.dll.Vir.vir
est infecté par le virus New Malware.ja (Cheval de Troie). Aucun nettoyeur disponible,
mise en quarantaine réussie. Le virus a été détecté par le moteur d'analyse. Version
du moteur : 5300. Version des fichiers DAT : 5450.(ordinateur source FLO-D432C58BC2A,
adresse IP 88.179.86.2, utilisateur FLO-D432C58BC2A, exécution de VirusScan Enter
8.0 - OAS)

Error - 01/12/2008 19:27:28 | Computer Name = FLO-D432C58BC2A | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Le fichier C:\quarantine\tmunite.dll.Vir est
infecté par le virus New Malware.ja (Cheval de Troie). Détecté à l'aide du moteur
d'analyse 5300, version des fichiers DAT 5450.(ordinateur source FLO-D432C58BC2A,
adresse IP 88.179.86.2, utilisateur FLO-D432C58BC2A, exécution de VirusScan Enter
8.0 - OAS)

Error - 01/12/2008 19:27:28 | Computer Name = FLO-D432C58BC2A | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Le fichier C:\quarantine\tmunite.dll.Vir est
infecté par le virus New Malware.ja (Cheval de Troie). Aucun nettoyeur disponible,
mise en quarantaine réussie. Le virus a été détecté par le moteur d'analyse. Version
du moteur : 5300. Version des fichiers DAT : 5450.(ordinateur source FLO-D432C58BC2A,
adresse IP 88.179.86.2, utilisateur FLO-D432C58BC2A, exécution de VirusScan Enter
8.0 - OAS)

Error - 01/12/2008 20:13:09 | Computer Name = FLO-D432C58BC2A | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Le fichier E:\System Volume Information\_restore{760F8A70-36F1-4FA9-9DB7-C937D3B57242}\RP652\A0265220.exe
est infecté par le virus Generic.dx (Cheval de Troie). La suppression du fichier
a réussi.(ordinateur source FLO-D432C58BC2A, adresse IP 88.179.86.2, utilisateur
FLO-D432C58BC2A, exécution de VirusScan Enter 8.0 - OAS)

Error - 02/12/2008 14:22:18 | Computer Name = FLO-D432C58BC2A | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Le fichier C:\Program Files\Navilog1\is-BM4N2.tmp
est infecté par le virus Generic.dx (Cheval de Troie). La suppression du fichier
a réussi.(ordinateur source FLO-D432C58BC2A, adresse IP 88.179.86.2, utilisateur
FLO-D432C58BC2A, exécution de VirusScan Enter 8.0 - OAS)

Error - 02/12/2008 14:22:42 | Computer Name = FLO-D432C58BC2A | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Le fichier C:\Program Files\Navilog1\is-4V0IO.tmp
est infecté par le virus Generic.dx (Cheval de Troie). La suppression du fichier
a réussi.(ordinateur source FLO-D432C58BC2A, adresse IP 88.179.86.2, utilisateur
FLO-D432C58BC2A, exécution de VirusScan Enter 8.0 - OAS)

Error - 03/12/2008 07:45:26 | Computer Name = FLO-D432C58BC2A | Source = Alert Manager Event Interface | ID = 257
Description = VirusScan Enterprise: Le fichier C:\Program Files\Navilog1\gnc.exe
est infecté par le virus Generic.dx (Cheval de Troie). La suppression du fichier
a réussi.(ordinateur source FLO-D432C58BC2A, adresse IP 88.179.86.2, utilisateur
FLO-D432C58BC2A, exécution de VirusScan Enter 8.0 - OAS)

Error - 03/12/2008 09:13:46 | Computer Name = FLO-D432C58BC2A | Source = McLogEvent | ID = 5051
Description = Il a fallu plus de 90000 minutes à la thread active C:\Program Files\Network
Associates\VirusScan\Mcshield.exe pour répondre à une requête. Le processus sera
interrompu. ID de la thread : 2224 (0x8b0) Adresse de la thread : 0x7C91E4F4 Message
de la thread : Build Aug 20 2004 04:46:11 / 5300.2777 Object being scanned = Process
1052 by McShield.exe 20039(1343)(0) 20038(1343)(32) 20039(1218)(0) 20038(1218)(32)

20039(1218)(0) 20038(1218)(32) 20039(1218)(0) 20038(1218)(32)

[ System Events ]
Error - 04/12/2008 12:37:40 | Computer Name = FLO-D432C58BC2A | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 04/12/2008 12:39:40 | Computer Name = FLO-D432C58BC2A | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 04/12/2008 13:09:40 | Computer Name = FLO-D432C58BC2A | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 04/12/2008 13:11:40 | Computer Name = FLO-D432C58BC2A | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 04/12/2008 13:41:40 | Computer Name = FLO-D432C58BC2A | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 04/12/2008 13:43:40 | Computer Name = FLO-D432C58BC2A | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 04/12/2008 14:13:41 | Computer Name = FLO-D432C58BC2A | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 04/12/2008 14:15:41 | Computer Name = FLO-D432C58BC2A | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 04/12/2008 14:45:41 | Computer Name = FLO-D432C58BC2A | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 04/12/2008 14:47:41 | Computer Name = FLO-D432C58BC2A | Source = DCOM | ID = 10010
Description = Le serveur {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.


<End>
zagato38
 
Posts: 26
Joined: 01 Dec 2008, 20:22
Location: gRENOBLE

Post by zagato38 » 06 Dec 2008, 14:02

I have the impression that my PC is much less slowed down now (am I imagining it?)

Except when shutting down Windows.

Thanks.

See you later.
zagato38
