My computer has quite a few problems


Post by abdel69120 » 07 Feb 2009, 09:02

Hello everyone,

My PC is on its last legs: when I turn it on, the taskbar and the desktop no longer appear. Before I had this problem, the Internet had stopped working. It sometimes displayed an "Autorité/NT system"...

I no longer know what to do. So thank you in advance for helping me.

HiJackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 08:52:52, on 07/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Verdiem\Edison\edsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
J:\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: llgyck.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Edison Power Management Service (edsvc) - Verdiem - C:\Program Files\Verdiem\Edison\edsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Post by nickW » 07 Feb 2009, 16:09

Hello,

Which computer is this about?

Your PC, your laptop, your cousin's PC, a friend's ...? :shock:



The version of HijackThis used is obsolete and incorrectly installed.
HijackThis (from TrendMicro), installation
Download HijackThis from TrendMicro from the page:
http://www.trendsecure.com/portal/en-US ... s/download
Click the link: Download HijackThis Installer
Save this file to the Desktop.
Start the installation by double-clicking HJTInstall.exe
If it is displayed, read and accept the license (click the I Accept button)
Close HijackThis.



Creating more detailed reports (logs):

Note: These steps must be carried out from a session opened with "Administrator rights" (do not use the user profile named "Administrator" that is visible in safe mode).
Under Windows XP, to check whether an account has "Administrator" rights:
Start---->Settings---->Control Panel---->User Accounts
Next to the icon representing certain accounts (other than the one named "Administrator"), "Computer administrator" is shown.
One of these accounts is the one to use.



Step 1: OTListIt2 (from OldTimer), download
Download OTListIt2.exe from http://oldtimer.geekstogo.com/OTListIt2.exe
Save this file to the Desktop.


Step 2: Toolbar-S&D (from Team IDN), download
Download Toolbar-S&D by right-clicking the link: http://eric.71.mespages.googlepages.com/ToolBarSD.exe
Save the file to the Desktop.


Step 3: Disabling the resident security programs
Disable the antivirus's resident module.
Avira Antivir: right-click the icon in the system tray (next to the clock), uncheck "AntiVir Guard enable"


Step 4: Toolbar-S&D (from Team IDN), option 1: Search
Double-click ToolBarSD.exe on the Desktop to run the tool.

Choose the language by typing F then pressing Enter.
Read the warning, then click OK.

After the menu is displayed, type 1 then press Enter to search for the files responsible for the infection.
When the search is finished, a Notepad window opens and displays the report (a.k.a. log).

Close Notepad, which ends the tool's execution.

Note:
If the Desktop does not reappear, open Task Manager by pressing the CTRL+ALT+DEL keys simultaneously.
Click the File menu at the top and choose New Task (Run...).
In the Create New Task window that opens, in the Open field, type exactly explorer then click the OK button. The Desktop will reappear.


Step 5: Re-enabling the resident security programs
Important: Re-enable the resident module of the antivirus and that of the antispyware.


Step 6: OTListIt2 (from OldTimer)
Close all open program windows.

Double-click OTListIt2.exe to start the tool.

The main OTListIt2 screen is displayed.

If not already done, in the Extra Registry section, select the Use SafeList radio button

Check the box (at the top) in front of Scan All Users

Then click the Run Scan button

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
The second report is visible in the taskbar. Close it as well.
Close the OTListIt2 window.


Step 7: Results
Send in reply:
*- the ToolBar S&D report (contents of the file SystemDrive\TB.txt)
[SystemDrive stands for the partition on which the system is installed, usually C:]

Then send in reply, in two separate messages (because of the length of the logs):
*- the two OTListIt2 reports (contents of the files OTListIt.txt and Extras.txt located on the Desktop).
Reports sent to the forum must end with a line containing <End>. If that is not the case, they are incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Reply" button to continue in this discussion thread.

To be continued,
nickW

Post by abdel69120 » 09 Feb 2009, 08:00

Hello,

It's my brother's PC. Really sorry if that makes a lot of PCs to clean. :oops:

Here are the reports:
TB.txt:
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Fouzi ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Not Activated)
Firewall : ActiveArmor Firewall 1.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:96 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
I:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 09/02/2009| 7:43 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar
C:\Program Files\AskSBar\SrchAstt
C:\Program Files\AskSBar\bar\1.bin
C:\Program Files\AskSBar\bar\Cache
C:\Program Files\AskSBar\bar\History
C:\Program Files\AskSBar\bar\Settings
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\1.bin\V2RSSMNU.DLL
C:\Program Files\AskSBar\bar\Cache\0018DD5B
C:\Program Files\AskSBar\bar\Cache\0018DF01
C:\Program Files\AskSBar\bar\Cache\0018E039.bin
C:\Program Files\AskSBar\bar\Cache\0018E1EF.bin
C:\Program Files\AskSBar\bar\Cache\0018E346.bin
C:\Program Files\AskSBar\bar\Cache\0018E46F.bin
C:\Program Files\AskSBar\bar\Cache\0018E5A8.bin
C:\Program Files\AskSBar\bar\Cache\0018E6D1.bin
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskSBar\SrchAstt\1.bin
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.google.fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Page_URL"="http://www.01net.com/telecharger/"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.01net.com/telecharger/"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.01net.com/telecharger/"
"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"


--------------------\\ Recherche d'autres infections


C:\DOCUME~1\Fouzi\LOCALS~1\APPLIC~1\aqucgam.dat
C:\DOCUME~1\Fouzi\LOCALS~1\APPLIC~1\aqucgam.exe
C:\DOCUME~1\Fouzi\LOCALS~1\APPLIC~1\aqucgam_nav.dat
C:\DOCUME~1\Fouzi\LOCALS~1\APPLIC~1\aqucgam_navps.dat
==> EGDACCESS </b> VUNDO <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Fouzi\Application Data\uTorrent\Pinnacle Studio Plus v11 MultiLanguage Bonus DVD Incl Keygen.torrent
C:\DOCUME~1\Fouzi\Bureau\Pro evolution soccer 2009 [PC-DVD][Multi5][matrixmersion]\Pro evolution soccer 2009\Crack
C:\DOCUME~1\Fouzi\Bureau\Pro evolution soccer 2009 [PC-DVD][Multi5][matrixmersion]\Pro evolution soccer 2009\Crack\pes2009.exe
C:\DOCUME~1\Fouzi\Favoris\[EXCLU][CRACK] GTA 4 + tuto [sans bug] test‚ - .. B2hteam ...url
C:\DOCUME~1\Fouzi\Favoris\Site Torrent\SoftMaroc\SoftMaroc Voir le sujet - [MU]Magix Video Deluxe 2008 + Crack [FR] [2008].url
C:\DOCUME~1\Fouzi\Mes documents\Mes fichiers re‡us\Alcohol 1.9.6.5429 + Crack
C:\DOCUME~1\Fouzi\Mes documents\Mes fichiers re‡us\Alcohol 1.9.6.5429 + Crack.rar
C:\DOCUME~1\Fouzi\Mes documents\Mes fichiers re‡us\Ahead.Nero.v7.5.9.0.Multilingual.Incl.Keymaker-EMBRACE\Ahead.Nero.v7.5.9.0.Multilingual.Incl.Keymaker-EMBRACE\keygen.exe
C:\DOCUME~1\Fouzi\Mes documents\Mes fichiers re‡us\Alcohol 1.9.6.5429 + Crack\Alcohol 1.9.6.5429 + Crack
C:\DOCUME~1\Fouzi\Mes documents\Mes fichiers re‡us\Alcohol 1.9.6.5429 + Crack\Alcohol 1.9.6.5429 + Crack\Alcohol120 v1.9.6.5429 Retail.exe
C:\DOCUME~1\Fouzi\Mes documents\Mes fichiers re‡us\Alcohol 1.9.6.5429 + Crack\Alcohol 1.9.6.5429 + Crack\Crack
C:\DOCUME~1\Fouzi\Mes documents\Mes fichiers re‡us\Alcohol 1.9.6.5429 + Crack\Alcohol 1.9.6.5429 + Crack\Crack\Alcohol.exe
C:\DOCUME~1\Fouzi\Mes documents\Mes fichiers re‡us\Alcohol 1.9.6.5429 + Crack\Alcohol 1.9.6.5429 + Crack\Crack\ReadMe en.txt
C:\DOCUME~1\Fouzi\Mes documents\Mes fichiers re‡us\Alcohol 1.9.6.5429 + Crack\Alcohol 1.9.6.5429 + Crack\Crack\register.reg
C:\DOCUME~1\Fouzi\Mes documents\Mes fichiers re‡us\Alcohol 1.9.6.5429 + Crack\Alcohol 1.9.6.5429 + Crack\Crack\Serial.txt



1 - "C:\ToolBar SD\TB_1.txt" - 09/02/2009| 7:44 - Option : [1]

-----------\\ Fin du rapport a 7:44:45,65


Post by abdel69120 » 09 Feb 2009, 08:00

OTListIt.txt:
OTListIt logfile created on: 09/02/2009 07:52:14 - Run 3
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\Fouzi\Bureau\Nouveau dossier (2)\logs
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 3,99 Gb Available in Paging File | 99,86% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 96,56 Gb Free Space | 64,79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-4CF35A70
Current User Name: Fouzi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

[2007/08/22 02:57:14 | 00,487,424 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007/08/22 02:57:14 | 00,487,424 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/06/12 14:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/08/07 09:17:00 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2008/07/31 14:19:32 | 00,075,008 | ---- | M] (Verdiem) -- C:\Program Files\Verdiem\Edison\edsvc.exe
[2008/11/22 03:05:37 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2006/02/17 09:35:58 | 00,127,035 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
[2008/11/04 17:00:27 | 00,107,832 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
[2006/04/21 21:06:14 | 00,069,632 | ---- | M] () -- C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
[2007/07/24 10:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
[2006/02/17 09:39:02 | 00,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
[2006/03/02 13:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/06/12 14:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2007/11/06 15:03:36 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2006/03/02 13:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/10/15 08:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/09/20 09:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2009/02/08 08:39:54 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fouzi\Bureau\Nouveau dossier (2)\logs\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

[2008/06/12 14:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/08/07 09:17:00 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/08/22 02:57:14 | 00,487,424 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2007/08/21 20:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/07/31 14:19:32 | 00,075,008 | ---- | M] (Verdiem) -- C:\Program Files\Verdiem\Edison\edsvc.exe -- (edsvc [Auto | Running])
[2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2006/02/17 09:39:02 | 00,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) [Auto | Running])
[2006/02/17 09:17:08 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface [Auto | Stopped])
[2006/03/02 13:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc [Auto | Running])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2004/08/19 15:09:32 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\irmon.dll -- (Irmon [Auto | Running])
[2008/11/22 03:05:37 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/11/10 18:18:02 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2006/02/17 09:35:58 | 00,127,035 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running])
[2006/02/17 09:35:42 | 00,061,503 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Stopped])
[2005/02/09 11:59:00 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI [Auto | Stopped])
[2008/11/04 17:00:27 | 00,107,832 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
[2006/04/21 21:06:14 | 00,069,632 | ---- | M] () -- C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe -- (prfldsvc [Auto | Running])
[2007/07/24 10:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2 [Auto | Running])
[2007/05/28 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Stopped])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc [Auto | Running])

========== Driver Services (SafeList) ==========

[2007/08/22 03:07:38 | 02,417,664 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/02/27 15:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/05/20 16:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/06/27 15:03:55 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2001/08/17 21:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk [On_Demand | Stopped])
[2001/08/17 21:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Stopped])
[2001/08/17 21:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Stopped])
[2003/03/02 17:44:26 | 00,007,552 | ---- | M] () -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl [Auto | Running])
[2004/08/04 00:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Stopped])
[2005/01/07 16:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/15 07:34:40 | 04,225,920 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService [On_Demand | Running])
[2001/08/17 20:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir [On_Demand | Running])
[2006/02/07 12:52:58 | 00,006,912 | R--- | M] (JMicron ) -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO [Boot | Running])
[2006/10/30 04:31:58 | 00,043,648 | R--- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID [Boot | Running])
[2007/01/04 09:07:00 | 00,171,520 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus [On_Demand | Running])
[2004/08/13 03:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Stopped])
[2006/04/24 18:52:28 | 00,100,736 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2006/02/17 12:28:30 | 00,034,176 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Stopped])
[2006/02/17 12:28:32 | 00,013,056 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Stopped])
[2004/08/09 12:29:28 | 00,053,920 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\prodrv06.sys -- (prodrv06 [System | Running])
[2004/08/09 12:33:26 | 00,114,016 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02 [Boot | Running])
[2004/07/19 15:49:54 | 00,007,040 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1 [Boot | Running])
[2006/04/21 08:22:24 | 00,070,912 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\drivers\prvflder.sys -- (Prvflder [Auto | Running])
[2006/03/02 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/07/23 17:50:48 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2008/02/25 19:54:56 | 00,105,088 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Stopped])
[2008/09/22 00:55:56 | 00,011,973 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2003/12/01 16:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01 [Boot | Running])
[2001/08/17 21:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman [On_Demand | Stopped])
[2001/08/17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2008/12/23 17:54:23 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2003/04/19 00:32:04 | 00,004,736 | ---- | M] () -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl [Auto | Running])
[2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,OpenAllHomePages =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,UseHomepageForNewTab =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



HKU\S-1-5-21-1645522239-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
HKU\S-1-5-21-1645522239-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKU\S-1-5-21-1645522239-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-1645522239-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,OpenAllHomePages =
HKU\S-1-5-21-1645522239-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\S-1-5-21-1645522239-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-1645522239-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
HKU\S-1-5-21-1645522239-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKU\S-1-5-21-1645522239-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
HKU\S-1-5-21-1645522239-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,UseHomepageForNewTab =
HKU\S-1-5-21-1645522239-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
HKU\S-1-5-21-1645522239-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKU\S-1-5-21-1645522239-1965331169-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKU\S-1-5-21-1645522239-1965331169-682003330-1004\S-1-5-21-1645522239-1965331169-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (790 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {06EB2FBE-E7EC-4168-9B26-69485898A458} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {13E183D4-4BBE-432D-84CD-680F1C66C9A7} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {2B20E67A-8DFF-4FE8-BBFD-EF0793E0F47F} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {36E3DFB7-BB5A-4FA7-9D65-43C38E80BE86} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {431282A3-AA0E-41B4-B91C-D0DEADAAB963} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {435FC890-E0EA-4D92-9567-E4E4D95E7E88} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {447049C6-B3EE-4EA2-AFAF-BA23E01381CC} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {4D27EFD4-44F5-41FC-9A3A-8A076868BBB5} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {555B6C0B-97C4-42CA-BB03-BFCFD63485AB} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {569EF718-F44B-484C-9276-FD61945AEF27} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {578a413e-4ee4-42fd-b7cc-095978da6fe8} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {58579b73-e2a2-4b6a-a243-2a17d7620a4f} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {60F4E57A-CBEC-45FE-A696-061DB69120F7} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {731D68E0-A87A-47F9-BE77-75275AC3999A} - C:\WINDOWS\system32\pmnlmnLb.dll ()
O2 - BHO: (no name) - {75E1E749-0F2C-4488-96A8-A10A25BA272B} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {88959262-BFA2-490D-B153-DEA9F891C0AE} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {911425d1-6377-4116-8513-35fe0d7962b6} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {9E5D32BF-E4AA-4AAB-9B9E-D4AC87AD80BF} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {9F5AFDC2-298C-4133-8964-A7364F6DCE93} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {A08EFE85-0FA0-443A-9A98-33447D051367} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {ac1d21c2-8241-47e8-86d8-aee1bd280b1f} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {CD27B6AC-ED02-4F7C-9648-0C1E56CE553F} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {d5fd8047-42ed-4355-9904-9e626bf53398} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {E4380BEE-D589-440B-B51E-33DCBCB52FC0} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {e5df3590-9d37-46cf-a250-99a4653a88c2} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {EBCF7556-FEED-4932-8FBE-141812CA7248} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {EF31A357-48C8-4A71-A453-7DF40EDF0C51} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {F0DEE68F-2F32-4EF0-82C4-E742CD5D3249} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (no name) - {F8B0FF64-1050-4E88-9B2B-F5A3975E67DA} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKCU..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO (Piriform Ltd)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1645522239-1965331169-682003330-1004..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO (Piriform Ltd)
O4 - HKU\S-1-5-21-1645522239-1965331169-682003330-1004..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-1965331169-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: localhost (http in Trusted sites)
O15 - HKU\S-1-5-21-1645522239-1965331169-682003330-1004\..Trusted Sites: localhost (http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_10)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls" = llgyck.dll
>File not found --

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
cbXQgfgG: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,C:\WINDOWS\system32\pmnlmnLb,
>[2008/12/15 18:43:01 | 00,235,008 | ---- | M] () -- C:\WINDOWS\system32\pmnlmnLb.dll

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [SET PATH=C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter | ]
[2008/09/23 05:47:12 | 00,000,095 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\*.tmp files]
[2009/02/09 07:43:23 | 00,000,000 | ---D | C] -- C:\ToolBar SD
[2009/02/09 07:36:32 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Fouzi\Bureau\HijackThis.lnk
[2009/02/09 07:36:32 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/02/09 07:36:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fouzi\Bureau\Nouveau dossier (2)
[2009/02/08 14:44:03 | 42,668,68713 | ---- | C] () -- C:\Documents and Settings\Fouzi\Bureau\Music.rar
[2009/02/08 14:43:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fouzi\Bureau\Music
[2009/02/08 14:07:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fouzi\Bureau\Musique
[2009/02/08 13:04:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fouzi\Bureau\Agraver
[2009/02/06 22:02:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/02/06 20:59:05 | 00,001,851 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AntiVir PE Classic.lnk
[2009/02/06 20:58:58 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/02/06 20:58:58 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/02/06 20:58:57 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/02/06 20:58:57 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/02/06 20:58:56 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/02/06 20:58:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/02/06 18:59:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Arovax
[2009/02/04 18:00:29 | 01,658,079 | -HS- | C] () -- C:\WINDOWS\System32\ukcnjkjh.ini
[2009/02/04 18:00:25 | 00,068,096 | ---- | C] () -- C:\WINDOWS\System32\hjkjncku.VIR
[2009/02/03 17:54:55 | 01,679,263 | -HS- | C] () -- C:\WINDOWS\System32\faqdxjwf.ini
[2009/02/03 17:54:55 | 00,068,096 | ---- | C] () -- C:\WINDOWS\System32\fwjxdqaf.VIR
[2009/02/03 16:42:28 | 01,677,842 | -HS- | C] () -- C:\WINDOWS\System32\bjliqijl.ini
[2009/02/02 18:17:40 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/02/02 16:42:01 | 01,677,842 | -HS- | C] () -- C:\WINDOWS\System32\fiqebfpt.ini
[2009/02/01 10:20:23 | 01,618,956 | -HS- | C] () -- C:\WINDOWS\System32\tlxlrjte.ini
[2009/01/31 18:00:26 | 01,618,929 | -HS- | C] () -- C:\WINDOWS\System32\sektcqoj.ini
[2009/01/30 17:58:23 | 01,618,911 | -HS- | C] () -- C:\WINDOWS\System32\trecdcgy.ini
[2009/01/29 16:49:45 | 01,618,911 | -HS- | C] () -- C:\WINDOWS\System32\jfpxsvgg.ini
[2009/01/29 16:49:45 | 00,068,096 | ---- | C] () -- C:\WINDOWS\System32\ggvsxpfj.VIR
[2009/01/29 11:45:49 | 01,552,200 | -HS- | C] () -- C:\WINDOWS\System32\avkrfaty.ini
[2009/01/28 18:45:03 | 00,000,000 | ---D | C] -- C:\Program Files\Pure Motion
[2009/01/28 18:45:02 | 00,000,000 | ---D | C] -- C:\Program Files\Sonic Foundry
[2009/01/28 18:44:52 | 00,000,000 | ---D | C] -- C:\Program Files\DebugMode
[2009/01/28 17:45:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DFX
[2009/01/28 17:45:09 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DFX
[2009/01/28 11:44:51 | 01,552,191 | -HS- | C] () -- C:\WINDOWS\System32\jqrutrdj.ini
[2009/01/27 01:08:33 | 01,550,258 | -HS- | C] () -- C:\WINDOWS\System32\dwdlekry.ini
[2009/01/25 15:23:21 | 00,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2009/01/25 15:23:21 | 00,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2009/01/23 03:11:53 | 01,474,100 | -HS- | C] () -- C:\WINDOWS\System32\shytkbcf.ini
[2009/01/23 03:11:52 | 00,068,096 | ---- | C] () -- C:\WINDOWS\System32\fcbktyhs.VIR
[2009/01/22 11:25:13 | 01,474,109 | -HS- | C] () -- C:\WINDOWS\System32\bvahcelb.ini
[2009/01/21 11:24:24 | 00,335,064 | ---- | C] () -- C:\Documents and Settings\Fouzi\Local Settings\Application Data\aqucgam_nav.dat
[2009/01/21 11:24:24 | 00,003,798 | ---- | C] () -- C:\Documents and Settings\Fouzi\Local Settings\Application Data\aqucgam_navps.dat
[2009/01/21 11:24:24 | 00,003,261 | ---- | C] () -- C:\Documents and Settings\Fouzi\Local Settings\Application Data\aqucgam.dat
[2009/01/21 11:24:22 | 00,221,184 | ---- | C] () -- C:\Documents and Settings\Fouzi\Local Settings\Application Data\aqucgam.exe
[2009/01/21 11:23:54 | 01,474,073 | -HS- | C] () -- C:\WINDOWS\System32\cdvmcywy.ini
[2009/01/19 17:13:01 | 01,471,324 | -HS- | C] () -- C:\WINDOWS\System32\klwoafdn.ini
[2009/01/19 17:13:01 | 00,068,608 | ---- | C] () -- C:\WINDOWS\System32\ndfaowlk.VIR
[2009/01/19 17:12:28 | 00,102,912 | ---- | C] () -- C:\WINDOWS\System32\swefikag.VIR
[2009/01/19 17:12:28 | 00,102,912 | ---- | C] () -- C:\WINDOWS\System32\llgyck.VIR
[2009/01/19 13:22:06 | 01,441,809 | -HS- | C] () -- C:\WINDOWS\System32\snkmletx.ini
[2009/01/19 13:22:03 | 00,102,912 | ---- | C] () -- C:\WINDOWS\System32\njujmb.VIR
[2009/01/19 13:22:02 | 00,102,912 | ---- | C] () -- C:\WINDOWS\System32\fttximsn.VIR
[2009/01/18 13:21:29 | 01,441,881 | -HS- | C] () -- C:\WINDOWS\System32\bdpnsvce.ini
[2009/01/18 13:20:12 | 00,103,936 | ---- | C] () -- C:\WINDOWS\System32\ptdpif.VIR
[2009/01/18 13:20:08 | 00,103,936 | ---- | C] () -- C:\WINDOWS\System32\kumbifeg.VIR
[2009/01/17 11:21:14 | 01,441,800 | -HS- | C] () -- C:\WINDOWS\System32\dkfdhfrj.ini
[2009/01/17 11:20:06 | 00,102,912 | ---- | C] () -- C:\WINDOWS\System32\kmleyu.VIR
[2009/01/17 11:20:04 | 00,102,912 | ---- | C] () -- C:\WINDOWS\System32\ajmtobpo.VIR
[2009/01/16 11:08:34 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\fwujvq.VIR000
[2009/01/16 11:08:32 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\nsyfhqba.VIR
[2009/01/16 11:07:50 | 01,441,778 | -HS- | C] () -- C:\WINDOWS\System32\ukftfafl.ini
[2009/01/15 09:43:21 | 01,414,004 | -HS- | C] () -- C:\WINDOWS\System32\avrmoybt.ini
[2009/01/15 09:40:33 | 00,103,936 | ---- | C] () -- C:\WINDOWS\System32\waiklm.VIR
[2009/01/15 09:40:31 | 00,103,936 | ---- | C] () -- C:\WINDOWS\System32\gtepugrt.VIR
[2009/01/14 17:29:24 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2009/01/13 20:44:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fouzi\Local Settings\Application Data\Adobe
[2009/01/13 20:42:47 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2009/01/13 20:42:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/01/13 20:42:17 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe
[2009/01/13 20:41:41 | 00,000,000 | ---D | C] -- C:\Program Files\BoontyGames
[2009/01/13 20:41:37 | 00,000,000 | ---D | C] -- C:\Program Files\Boonty
[2009/01/13 20:38:31 | 26,596,640 | ---- | C] ( ) -- C:\Documents and Settings\Fouzi\Mes documents\AdbeRdr90_fr_FR.exe
[2009/01/13 16:11:20 | 01,387,456 | -HS- | C] () -- C:\WINDOWS\System32\nquixcqq.ini
[2009/01/13 16:09:33 | 00,104,448 | ---- | C] () -- C:\WINDOWS\System32\moxtvq.dll
[2009/01/13 16:09:32 | 00,104,448 | ---- | C] () -- C:\WINDOWS\System32\dbvnqdry.dll
[2009/01/12 10:30:16 | 00,103,424 | ---- | C] () -- C:\WINDOWS\System32\mwwmap.dll
[2009/01/12 10:30:15 | 00,103,424 | ---- | C] () -- C:\WINDOWS\System32\iplbrlxh.dll
[2009/01/12 10:28:08 | 01,298,838 | -HS- | C] () -- C:\WINDOWS\System32\wiwbdbbo.ini
[2009/01/11 15:34:45 | 00,000,000 | ---D | C] -- C:\Program Files\AceClockXP
[2009/01/11 14:33:43 | 00,000,000 | ---D | C] -- C:\Program Files\Horloge MF
[2009/01/11 14:33:01 | 04,621,722 | ---- | C] (O. Jonathan ) -- C:\Documents and Settings\Fouzi\Mes documents\horlogemf.exe
[2009/01/10 11:44:44 | 00,006,758 | ---- | C] () -- C:\MACDR001.CST
[2009/01/10 09:29:25 | 01,289,472 | -HS- | C] () -- C:\WINDOWS\System32\ohhxsonm.ini
[2009/01/10 09:27:12 | 00,103,936 | ---- | C] () -- C:\WINDOWS\System32\ptgxsust.dll
[2009/01/10 09:27:12 | 00,103,936 | ---- | C] () -- C:\WINDOWS\System32\clmvrr.dll

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/02/09 07:53:45 | 00,397,715 | -HS- | M] () -- C:\WINDOWS\System32\bLnmlnmp.ini
[2009/02/09 07:51:35 | 00,397,699 | -HS- | M] () -- C:\WINDOWS\System32\bLnmlnmp.ini2
[2009/02/09 07:51:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/09 07:51:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/09 07:36:32 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Fouzi\Bureau\HijackThis.lnk
[2009/02/09 07:25:21 | 00,016,784 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2009/02/09 07:24:49 | 00,104,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/08 17:34:04 | 04,776,230 | -H-- | M] () -- C:\Documents and Settings\Fouzi\Local Settings\Application Data\IconCache.db
[2009/02/08 17:24:28 | 42,668,68713 | ---- | M] () -- C:\Documents and Settings\Fouzi\Bureau\Music.rar
[2009/02/08 14:09:18 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/08 13:32:45 | 00,000,109 | ---- | M] () -- C:\WINDOWS\disney.ini
[2009/02/08 13:31:19 | 00,245,248 | ---- | M] () -- C:\Documents and Settings\Fouzi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/08 12:52:54 | 00,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/08 11:27:14 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/02/06 20:59:05 | 00,001,851 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AntiVir PE Classic.lnk
[2009/02/06 18:53:40 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2009/02/06 18:49:38 | 00,003,798 | ---- | M] () -- C:\Documents and Settings\Fouzi\Local Settings\Application Data\aqucgam_navps.dat
[2009/02/06 18:49:27 | 00,003,261 | ---- | M] () -- C:\Documents and Settings\Fouzi\Local Settings\Application Data\aqucgam.dat
[2009/02/06 13:24:16 | 00,000,574 | ---- | M] () -- C:\Documents and Settings\Fouzi\Mes documents\Mes dossiers de partage.lnk
[2009/02/05 20:52:22 | 01,658,079 | -HS- | M] () -- C:\WINDOWS\System32\ukcnjkjh.ini
[2009/02/04 18:00:25 | 00,068,096 | ---- | M] () -- C:\WINDOWS\System32\hjkjncku.VIR
[2009/02/03 19:47:17 | 00,000,457 | ---- | M] () -- C:\WINDOWS\MyHeritage.INI
[2009/02/03 18:45:19 | 01,679,263 | -HS- | M] () -- C:\WINDOWS\System32\faqdxjwf.ini
[2009/02/03 17:54:55 | 00,068,096 | ---- | M] () -- C:\WINDOWS\System32\fwjxdqaf.VIR
[2009/02/03 16:42:33 | 01,677,842 | -HS- | M] () -- C:\WINDOWS\System32\bjliqijl.ini
[2009/02/03 16:42:26 | 01,677,842 | -HS- | M] () -- C:\WINDOWS\System32\fiqebfpt.ini
[2009/02/02 16:42:00 | 01,618,956 | -HS- | M] () -- C:\WINDOWS\System32\tlxlrjte.ini
[2009/01/31 21:07:10 | 01,618,929 | -HS- | M] () -- C:\WINDOWS\System32\sektcqoj.ini
[2009/01/31 17:59:21 | 01,618,911 | -HS- | M] () -- C:\WINDOWS\System32\trecdcgy.ini
[2009/01/31 11:56:47 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin
[2009/01/30 17:58:20 | 01,618,911 | -HS- | M] () -- C:\WINDOWS\System32\jfpxsvgg.ini
[2009/01/29 16:49:45 | 00,068,096 | ---- | M] () -- C:\WINDOWS\System32\ggvsxpfj.VIR
[2009/01/29 13:37:04 | 01,552,200 | -HS- | M] () -- C:\WINDOWS\System32\avkrfaty.ini
[2009/01/29 12:51:37 | 00,335,064 | ---- | M] () -- C:\Documents and Settings\Fouzi\Local Settings\Application Data\aqucgam_nav.dat
[2009/01/29 11:45:34 | 01,552,191 | -HS- | M] () -- C:\WINDOWS\System32\jqrutrdj.ini
[2009/01/28 11:44:47 | 01,550,258 | -HS- | M] () -- C:\WINDOWS\System32\dwdlekry.ini
[2009/01/26 19:40:49 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\umdf\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/01/23 19:23:54 | 01,474,100 | -HS- | M] () -- C:\WINDOWS\System32\shytkbcf.ini
[2009/01/23 03:11:52 | 00,068,096 | ---- | M] () -- C:\WINDOWS\System32\fcbktyhs.VIR
[2009/01/22 12:52:26 | 01,474,109 | -HS- | M] () -- C:\WINDOWS\System32\bvahcelb.ini
[2009/01/22 11:25:10 | 01,474,073 | -HS- | M] () -- C:\WINDOWS\System32\cdvmcywy.ini
[2009/01/22 10:59:28 | 00,002,828 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/01/22 10:59:22 | 00,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\923EB3DDE0.sys
[2009/01/21 11:24:22 | 00,221,184 | ---- | M] () -- C:\Documents and Settings\Fouzi\Local Settings\Application Data\aqucgam.exe
[2009/01/20 17:13:25 | 01,471,324 | -HS- | M] () -- C:\WINDOWS\System32\klwoafdn.ini
[2009/01/19 17:13:01 | 00,068,608 | ---- | M] () -- C:\WINDOWS\System32\ndfaowlk.VIR
[2009/01/19 17:12:28 | 00,102,912 | ---- | M] () -- C:\WINDOWS\System32\swefikag.VIR
[2009/01/19 17:12:28 | 00,102,912 | ---- | M] () -- C:\WINDOWS\System32\llgyck.VIR
[2009/01/19 14:21:20 | 01,441,809 | -HS- | M] () -- C:\WINDOWS\System32\snkmletx.ini
[2009/01/19 13:22:03 | 00,102,912 | ---- | M] () -- C:\WINDOWS\System32\njujmb.VIR
[2009/01/19 13:22:03 | 00,102,912 | ---- | M] () -- C:\WINDOWS\System32\fttximsn.VIR
[2009/01/19 09:50:15 | 01,441,881 | -HS- | M] () -- C:\WINDOWS\System32\bdpnsvce.ini
[2009/01/18 13:20:11 | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\ptdpif.VIR
[2009/01/18 13:20:11 | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\kumbifeg.VIR
[2009/01/18 13:19:56 | 01,441,800 | -HS- | M] () -- C:\WINDOWS\System32\dkfdhfrj.ini
[2009/01/17 11:20:06 | 00,102,912 | ---- | M] () -- C:\WINDOWS\System32\kmleyu.VIR
[2009/01/17 11:20:06 | 00,102,912 | ---- | M] () -- C:\WINDOWS\System32\ajmtobpo.VIR
[2009/01/17 11:19:56 | 01,441,778 | -HS- | M] () -- C:\WINDOWS\System32\ukftfafl.ini
[2009/01/16 11:08:34 | 00,102,400 | ---- | M] () -- C:\WINDOWS\System32\nsyfhqba.VIR
[2009/01/16 11:08:34 | 00,102,400 | ---- | M] () -- C:\WINDOWS\System32\fwujvq.VIR000
[2009/01/16 11:07:22 | 01,414,004 | -HS- | M] () -- C:\WINDOWS\System32\avrmoybt.ini
[2009/01/15 09:40:31 | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\waiklm.VIR
[2009/01/15 09:40:31 | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\gtepugrt.VIR
[2009/01/14 20:17:08 | 01,387,456 | -HS- | M] () -- C:\WINDOWS\System32\nquixcqq.ini
[2009/01/13 20:42:47 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2009/01/13 20:41:41 | 26,596,640 | ---- | M] ( ) -- C:\Documents and Settings\Fouzi\Mes documents\AdbeRdr90_fr_FR.exe
[2009/01/13 16:09:33 | 00,104,448 | ---- | M] () -- C:\WINDOWS\System32\moxtvq.dll
[2009/01/13 16:09:33 | 00,104,448 | ---- | M] () -- C:\WINDOWS\System32\dbvnqdry.dll
[2009/01/13 10:28:38 | 01,298,838 | -HS- | M] () -- C:\WINDOWS\System32\wiwbdbbo.ini
[2009/01/12 10:30:16 | 00,103,424 | ---- | M] () -- C:\WINDOWS\System32\mwwmap.dll
[2009/01/12 10:30:16 | 00,103,424 | ---- | M] () -- C:\WINDOWS\System32\iplbrlxh.dll
[2009/01/12 10:27:30 | 01,289,472 | -HS- | M] () -- C:\WINDOWS\System32\ohhxsonm.ini
[2009/01/11 14:33:16 | 04,621,722 | ---- | M] (O. Jonathan ) -- C:\Documents and Settings\Fouzi\Mes documents\horlogemf.exe
[2009/01/10 14:34:00 | 00,006,758 | ---- | M] () -- C:\MACDR001.CST
[2009/01/10 09:27:12 | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\ptgxsust.dll
[2009/01/10 09:27:12 | 00,103,936 | ---- | M] () -- C:\WINDOWS\System32\clmvrr.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> %UserProfile%\Bureau\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemRoot%\System32\Thumbs.db:encryptable
<End>
abdel69120

Posts: 54
Joined: 17 Apr 2007, 12:03
Location: Lyon

Post by abdel69120 » 09 Feb 2009, 08:01

Extras.txt:
OTListIt Extras logfile created on: 09/02/2009 07:52:14 - Run 3
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\Fouzi\Bureau\Nouveau dossier (2)\logs
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 3,99 Gb Available in Paging File | 99,86% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 96,56 Gb Free Space | 64,79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-4CF35A70
Current User Name: Fouzi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 4
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"Firewalboverride" = 4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/11/06 15:03:36 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/02/17 09:17:08 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server
[2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2004/08/19 15:22:10 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/11/06 15:03:36 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/08/27 19:07:34 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/08/29 05:25:08 | 06,595,912 | ---- | M] (Pando Networks) -- C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application
File not found -- C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager
File not found -- C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio
File not found -- C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile
File not found -- C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi
[2008/12/19 05:32:00 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
[2008/09/27 00:44:20 | 00,634,672 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2008/10/26 01:24:57 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
[2008/11/04 17:00:27 | 00,107,832 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
File not found -- C:\Program Files\Capcom\MotoGP 08\Launcher.exe:*:Enabled:MotoGP 08
File not found -- C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008079A8-9257-406E-B805-EFD696E125C1}" = Agendatronic
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{16E79B1D-D1C2-4CA6-8B23-F4D890E0DCB9}" = Orange Plug-in messagerie vocale 888
"{18063128-B9E1-AFAE-B7DD-2C313D2C375B}" = ccc-core-preinstall
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{235BBFC6-D863-4066-A01A-3BD504C31036}" = Nero 7 Ultra Edition
"{24141F03-D9B2-D029-1C94-0BBA9977D173}" = Skins
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
"{2A425503-3D15-BE66-8781-3D153AF1F8A9}" = CCC Help English
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3606BA17-5D3C-41F1-9F46-729E0301CDE2}" = Cam 3200 Driver
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
"{4DA3F9C6-A8E5-4E39-A01F-B4CE1513875B}" = ArcSoft MediaConverter
"{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}" = Microsoft .NET Framework 3.5 Language Pack - fra
"{644EA08F-87D2-48C0-AE94-B327D1C85A97}" = Microsoft Private Folder 1.0
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = Analyseur et SDK MSXML 4.0 SP2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77FF5817-ABA9-1294-2D3D-A29F8FDA8BAD}" = ccc-core-static
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E0AED65-CE72-3715-5FD0-A18C149B5BFF}" = Catalyst Control Center Graphics Full Existing
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9542A589-9E34-4D25-BBED-E4AFA039AF56}" = Edison
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9DEE2DB4-D46C-E7CF-9465-802BD2077A0A}" = Catalyst Control Center Graphics Light
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Assistant de connexion Windows Live
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BADF6744-3787-48F6-B8C9-4C4995401D65}" = Windows Live Messenger
"{C02EDE17-BC2E-4393-70BD-36185ABEBFF7}" = Catalyst Control Center Graphics Previews Common
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}" = Pando
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB5363FC-04F2-E3F2-78BD-A9A6DB63DB9E}" = ccc-utility
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}" = Windows Live installer
"{FEC22238-FB7E-5D07-F88A-78F15460073A}" = Catalyst Control Center Graphics Full New
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD06ACB-DF8B-D34D-9F9E-CDA18C15E208}" = Catalyst Control Center Core Implementation
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"adsl TV" = adsl TV
"AIDA32_is1" = AIDA32 v3.93
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"aqucgam" = Favorit
"Ashampoo Movie Shrink & Burn 3_is1" = Ashampoo Movie Shrink & Burn 3.02
"AskSBar Uninstall" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"Azureus Vuze" = Azureus Vuze
"Camera Drivers_is1" = Camera Drivers V1.4
"CCleaner" = CCleaner (remove only)
"eMule" = eMule
"eoEngine_is1" = eoEngine 7.1
"Family Tree Builder" = MyHeritage Family Tree Builder
"FileZilla Client" = FileZilla Client 3.1.2
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"LHTTSFRF" = L&H TTS3000 Français
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"MediaCoder" = MediaCoder 0.6.1
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - fra" = Module linguistique Microsoft .NET Framework 3.5 - fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PhotoFiltre" = PhotoFiltre
"PunkBusterSvc" = PunkBuster Services
"Shutdown-IT" = Shutdown-IT
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VideoLAN VLC media player 0.8.6a
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 10
"WinRAR archiver" = Archiveur WinRAR
"Wintree_is1" = Wintree Version 3.1.9
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zoner Photo Studio 9_is1" = Zoner Photo Studio 9

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"19db00053237a445" = Euro2Cash
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"TransVente" = TransVente
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1645522239-1965331169-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"19db00053237a445" = Euro2Cash
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"TransVente" = TransVente
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/02/2009 02:41:55 | Computer Name = USER-4CF35A70 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> [Mon Feb
09 07:41:55 2009] [crit] (OS 87)Paramètre incorrect. : alloc_listener: failed
to get a socket for localhost .

Error - 09/02/2009 02:41:57 | Computer Name = USER-4CF35A70 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 09/02/2009 02:46:29 | Computer Name = USER-4CF35A70 | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 800706BA à partir de la ligne 44
de d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 09/02/2009 02:47:50 | Computer Name = USER-4CF35A70 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> [Mon Feb
09 07:47:50 2009] [crit] (OS 87)Paramètre incorrect. : alloc_listener: failed
to get a socket for localhost .

Error - 09/02/2009 02:47:50 | Computer Name = USER-4CF35A70 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Syntax
error on line 121 of C:/Program Files/NVIDIA Corporation/NetworkAccessManager/Apache
Group/Apache2/conf/httpd.conf: .

Error - 09/02/2009 02:47:50 | Computer Name = USER-4CF35A70 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 09/02/2009 02:50:10 | Computer Name = USER-4CF35A70 | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 800706BA à partir de la ligne 44
de d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 09/02/2009 02:51:28 | Computer Name = USER-4CF35A70 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> [Mon Feb
09 07:51:28 2009] [crit] (OS 87)Paramètre incorrect. : alloc_listener: failed
to get a socket for localhost .

Error - 09/02/2009 02:51:28 | Computer Name = USER-4CF35A70 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Syntax
error on line 121 of C:/Program Files/NVIDIA Corporation/NetworkAccessManager/Apache
Group/Apache2/conf/httpd.conf: .

Error - 09/02/2009 02:51:29 | Computer Name = USER-4CF35A70 | Source = JavaQuickStarterService | ID = 1
Description =

[ System Events ]
Error - 09/02/2009 02:47:53 | Computer Name = USER-4CF35A70 | Source = Service Control Manager | ID = 7023
Description = Le service Services IPSEC s'est arrêté avec l'erreur : %%87

Error - 09/02/2009 02:47:54 | Computer Name = USER-4CF35A70 | Source = Service Control Manager | ID = 7024
Description = Le service Service de transfert intelligent en arrière-plan s'est
arrêté avec l'erreur service particulière 2147942487 (0x80070057).

Error - 09/02/2009 02:48:24 | Computer Name = USER-4CF35A70 | Source = DCOM | ID = 10010
Description = Le serveur {4991D34B-80A1-4291-83B6-3328366B9097} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 09/02/2009 02:49:31 | Computer Name = USER-4CF35A70 | Source = Service Control Manager | ID = 7034
Description = Le service PnkBstrB s'est terminé de façon inattendue pour la 1ème
fois.

Error - 09/02/2009 02:49:33 | Computer Name = USER-4CF35A70 | Source = Service Control Manager | ID = 7034
Description = Le service Private Folder Service s'est terminé de façon inattendue
pour la 1ème fois.

Error - 09/02/2009 02:50:00 | Computer Name = USER-4CF35A70 | Source = Service Control Manager | ID = 7031
Description = Le service Appel de procédure distante (RPC) s'est terminé de manière
inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée
dans 60000 millisecondes : Redémarrer l'ordinateur.

Error - 09/02/2009 02:51:35 | Computer Name = USER-4CF35A70 | Source = Service Control Manager | ID = 7024
Description = Le service Forceware Web Interface s'est arrêté avec l'erreur service
particulière 1 (0x1).

Error - 09/02/2009 02:51:35 | Computer Name = USER-4CF35A70 | Source = Service Control Manager | ID = 7023
Description = Le service Services IPSEC s'est arrêté avec l'erreur : %%87

Error - 09/02/2009 02:51:35 | Computer Name = USER-4CF35A70 | Source = Service Control Manager | ID = 7024
Description = Le service Service de transfert intelligent en arrière-plan s'est
arrêté avec l'erreur service particulière 2147942487 (0x80070057).

Error - 09/02/2009 02:52:04 | Computer Name = USER-4CF35A70 | Source = DCOM | ID = 10010
Description = Le serveur {4991D34B-80A1-4291-83B6-3328366B9097} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.


<End>


There you go. Thanks.
abdel69120
 

Post by nickW » 10 Feb 2009, 01:34

Good evening,

Should I congratulate you:

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Fouzi\Application Data\uTorrent\Pinnacle Studio Plus v11 MultiLanguage Bonus DVD Incl Keygen.torrent
C:\DOCUME~1\Fouzi\Bureau\Pro evolution soccer 2009 [PC-DVD][Multi5][matrixmersion]\Pro evolution soccer 2009\Crack
C:\DOCUME~1\Fouzi\Bureau\Pro evolution soccer 2009 [PC-DVD][Multi5][matrixmersion]\Pro evolution soccer 2009\Crack\pes2009.exe
C:\DOCUME~1\Fouzi\Favoris\[EXCLU][CRACK] GTA 4 + tuto [sans bug] testé - .. B2hteam ...url
C:\DOCUME~1\Fouzi\Favoris\Site Torrent\SoftMaroc\SoftMaroc Voir le sujet - [MU]Magix Video Deluxe 2008 + Crack [FR] [2008].url
C:\DOCUME~1\Fouzi\Mes documents\Mes fichiers reçus\Alcohol 1.9.6.5429 + Crack
C:\DOCUME~1\Fouzi\Mes documents\Mes fichiers reçus\Alcohol 1.9.6.5429 + Crack.rar
C:\DOCUME~1\Fouzi\Mes documents\Mes fichiers reçus\Ahead.Nero.v7.5.9.0.Multilingual.Incl.Keymaker-EMBRACE\Ahead.Nero.v7.5.9.0.Multilingual.Incl.Keymaker-EMBRACE\keygen.exe
C:\DOCUME~1\Fouzi\Mes documents\Mes fichiers reçus\Alcohol 1.9.6.5429 + Crack\Alcohol 1.9.6.5429 + Crack
C:\DOCUME~1\Fouzi\Mes documents\Mes fichiers reçus\Alcohol 1.9.6.5429 + Crack\Alcohol 1.9.6.5429 + Crack\Alcohol120 v1.9.6.5429 Retail.exe
C:\DOCUME~1\Fouzi\Mes documents\Mes fichiers reçus\Alcohol 1.9.6.5429 + Crack\Alcohol 1.9.6.5429 + Crack\Crack
C:\DOCUME~1\Fouzi\Mes documents\Mes fichiers reçus\Alcohol 1.9.6.5429 + Crack\Alcohol 1.9.6.5429 + Crack\Crack\Alcohol.exe
C:\DOCUME~1\Fouzi\Mes documents\Mes fichiers reçus\Alcohol 1.9.6.5429 + Crack\Alcohol 1.9.6.5429 + Crack\Crack\ReadMe en.txt
C:\DOCUME~1\Fouzi\Mes documents\Mes fichiers reçus\Alcohol 1.9.6.5429 + Crack\Alcohol 1.9.6.5429 + Crack\Crack\register.reg
C:\DOCUME~1\Fouzi\Mes documents\Mes fichiers reçus\Alcohol 1.9.6.5429 + Crack\Alcohol 1.9.6.5429 + Crack\Crack\Serial.txt



Should I compliment you for not following the instructions:
OTListIt2 is not on the Desktop
C:\Documents and Settings\Fouzi\Bureau\Nouveau dossier (2)\logs\OTListIt2.exe



Initial clean-up and creation of further reports:

Note: These steps must be carried out from a session opened with "Administrator rights" (do not use the user profile named "Administrator" that is visible in safe mode)

Step 1: Malwarebytes' Anti-Malware, installation
Download Malwarebytes' Anti-Malware from one of the links below:
http://www.besttechie.net/tools/mbam-setup.exe
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Save this file to the Desktop.
Double-click mbam-setup.exe to start the installation (accept the license agreement, then confirm the default options).
On the last screen of the installation procedure, tick the box in front of "Update Malwarebytes' Anti-Malware", then click the "Finish" button.


Step 2: No real-time monitoring processes
Disable the antivirus resident module.
Avira Antivir: right-click the icon in the system tray (next to the clock), untick "Activer Antivir Guard/AntiVir Guard enable"


Step 3: Navilog1 (by IL-MAFIOSO), Option 1

Important preliminary note
Navilog1 is detected by some antivirus products as a RiskTool (risky tool).
This is correct, since some of its components could perform dangerous actions if they fell into the wrong hands.
In the case of Navilog1, they must be allowed to run.

Download Navilog1 by right-clicking the link below:
http://pagesperso-orange.fr/il.mafioso/ ... vilog1.exe
Save the file to the Desktop.
Close all running applications (such as word processor, browser).
Double-click Navilog1.exe to start the installation.
Once the installation is complete, the tool will run automatically.
(If it does not, double-click the Navilog1 shortcut on the Desktop.)

Follow the instructions displayed.
In the main menu, choose option 1 and confirm.
(Do not choose options 2, 3 or 4 without my advice/agreement.)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Note: In Notepad, check in the Format menu (at the top) that the "Word Wrap" option is not ticked.
Save this file under the name navi1.txt
Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)


Step 4: Toolbar-S&D (by Team IDN), option 2: Removal

Mandatory: Close all browser windows (Internet Explorer, Firefox, Mozilla, Opera, etc.).

Double-click ToolBarSD.exe on the Desktop to run the tool.

Choose the language by typing F and pressing Enter.
Read the warning, then click OK.

Once the menu is displayed, type 2 and press Enter to delete the files responsible for the infection.

Do not close the window while the files are being deleted!

When the deletion is finished, a Notepad window opens and displays the report (a.k.a. log).

Close Notepad, which ends the tool's execution.

Note:
If the Desktop does not reappear, open Task Manager by pressing CTRL+ALT+DEL simultaneously.
Click the File menu at the top and choose New Task (Run...).
In the Create New Task window that opens, in the Open field, type exactly explorer then click the OK button. The Desktop will reappear.


Step 5: Malwarebytes' Anti-Malware, scan
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start Menu.
In the Settings tab, check that all boxes are ticked except "Create an option in the context menu to scan files (right click)".
In the Update tab, click the Check for Updates button and install all updates found.
In the Scan tab, select the radio button in front of "Perform a quick scan" then click the Scan button.
Wait for the scan to finish without doing anything else; in the window announcing the end of the scan, click OK; then click the "Show results" button.

Click the "Save report" button, confirm the save, then click the "Exit" button.


Step 6: Real-time monitoring processes
Important: Re-enable the antivirus resident module.


Step 7: Result
Send in your reply:
*- the Navilog1 report, Option 1 (contents of the file navi1.txt)
*- the Toolbar S&D report (contents of the file SystemDrive\TB.txt)
[SystemDrive is the partition on which the system is installed, usually C:]
*- the Malwarebytes' Anti-Malware log (contents of the file mbam-log-*-**-**** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs / *-**-**** (**-**-**) represents the date [month-day-year] and the time [hh-mn-ss])
[SystemDrive is the partition on which the system is installed, usually C:]

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)