Big problems on the PC

Post by WAFFY » 25 Feb 2009, 02:21

Good evening again nickW,
1st report, OTListIt.txt:

OTListIt logfile created on: 25/02/2009 01:33:26 - Run 6
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\Pascal\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,48 Mb Total Physical Memory | 247,42 Mb Available Physical Memory | 48,37% Memory free
1,22 Gb Paging File | 0,98 Gb Available in Paging File | 80,12% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 18,61 Gb Free Space | 25,07% Space Free | Partition Type: NTFS
Drive D: | 72,27 Gb Total Space | 71,53 Gb Free Space | 98,98% Space Free | Partition Type: NTFS
Drive E: | 2,55 Gb Total Space | 2,55 Gb Free Space | 99,86% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PIV3000
Current User Name: Pascal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

[2009/02/13 15:32:24 | 00,282,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2009/02/23 23:49:50 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/05/03 05:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2009/02/13 15:32:26 | 00,311,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2009/02/13 15:32:24 | 00,902,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2004/08/19 16:10:06 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2001/10/22 14:33:58 | 00,045,056 | ---- | M] (Sharp Corporation) -- C:\WINDOWS\system32\SCUSAPI.exe
[2006/08/19 11:37:06 | 00,049,152 | ---- | M] (ZSMCSNAP) -- C:\WINDOWS\ZSSnp211.EXE
[2009/01/30 01:27:29 | 00,049,152 | ---- | M] () -- C:\WINDOWS\Domino.EXE
[2008/10/15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[2009/02/13 15:32:24 | 01,177,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2009/02/23 23:49:50 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2003/07/08 15:25:22 | 00,925,770 | ---- | M] () -- C:\Program Files\modem ADSL USB\modem ADSL USB\DSLMON.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2009/02/07 20:20:33 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pascal\Bureau\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2009/02/13 15:32:24 | 00,902,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2009/02/13 15:32:24 | 00,282,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2005/10/17 08:28:11 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA [Disabled | Stopped])
[2004/08/19 16:09:38 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2003/05/14 11:29:54 | 00,753,716 | ---- | M] () -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv [Disabled | Stopped])
[2009/02/23 23:49:50 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2005/01/26 15:30:04 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
[2008/05/03 05:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2005/01/26 15:25:34 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
[2007/12/28 18:42:09 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped])
[2005/01/26 15:20:14 | 00,069,718 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006/04/03 17:12:14 | 00,014,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Disabled | Stopped])

========== Driver Services (SafeList) ==========

[2002/10/11 18:19:00 | 00,046,551 | ---- | M] (Analog Deivces) -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER [Auto | Stopped])
[2002/11/22 22:14:36 | 00,122,505 | ---- | M] (Analog Devices Inc.) -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw [On_Demand | Running])
[2004/02/24 04:08:52 | 00,400,384 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Running])
[2004/03/19 13:02:08 | 00,613,244 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2009/02/13 15:32:41 | 00,096,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2009/02/13 15:32:38 | 00,026,184 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2009/02/13 15:32:41 | 00,075,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [System | Running])
[2005/10/17 08:28:09 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA [Auto | Running])
[2003/12/03 17:44:58 | 00,013,566 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\drivers\cdrbsvsd.sys -- (cdrbsvsd [System | Running])
[2002/11/18 14:51:40 | 00,377,358 | ---- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci [On_Demand | Stopped])
[2006/08/12 02:28:58 | 00,798,464 | ---- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmuda3.sys -- (cmuda3 [On_Demand | Running])
[2003/05/14 11:31:32 | 00,085,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\incdfs.sys -- (InCDfs [Disabled | Running])
[2003/05/14 11:31:58 | 00,026,336 | ---- | M] (Ahead Software) -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass [System | Running])
[2003/04/25 13:13:42 | 00,023,920 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\drivers\incdrm.sys -- (incdrm [System | Running])
[2004/03/12 18:23:56 | 00,845,092 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\Ctxs51.sys -- (Intels51 [On_Demand | Running])
[2008/05/03 05:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/28 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 22:05:16 | 00,028,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner [On_Demand | Running])
[2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139 [On_Demand | Running])
[2001/10/22 14:33:46 | 00,031,728 | ---- | M] (Sharp Corporation) -- C:\WINDOWS\system32\drivers\SCUSPAC.SYS -- (SCUSMFP1 [Auto | Running])
[2001/10/22 14:33:46 | 00,022,796 | ---- | M] (Sharp Corporation) -- C:\WINDOWS\system32\drivers\SCUSPRO.SYS -- (SCUSMFP2 [Auto | Running])
[2001/10/22 14:33:58 | 00,025,768 | ---- | M] (Sharp Corporation) -- C:\WINDOWS\system32\drivers\SCUSUSB.SYS -- (SCUSUSB [On_Demand | Stopped])
[2005/04/20 17:15:52 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2005/08/10 13:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2005/05/16 14:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2005/04/14 13:12:32 | 00,019,968 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
[2005/11/03 15:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
[2001/08/17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2005/12/22 12:24:50 | 00,080,272 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
[2005/12/22 12:24:52 | 00,010,864 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])
[2005/12/22 12:24:52 | 00,137,884 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])
[2009/02/07 10:02:09 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2001/08/28 13:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2006/10/18 09:23:40 | 00,391,866 | ---- | M] (ZSMC Corporation) -- C:\WINDOWS\system32\drivers\ZS211.sys -- (ZSMC211 [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/
HKU\S-1-5-21-1177238915-1409082233-839522115-1003\S-1-5-21-1177238915-1409082233-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
O3 - HKCU\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
O3 - HKCU\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
O3 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Domino] C:\WINDOWS\Domino.exe ()
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [SCUSAPI] SCUSAPI.exe (Sharp Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe (ZSMCSNAP)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk = C:\Program Files\modem ADSL USB\modem ADSL USB\DSLMON.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
O4 - Startup: C:\Documents and Settings\Cathy\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Léa\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Thomas\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ShutdownWithoutLogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLastUserName = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_12.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 41 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: 39 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Sites: 40 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Sites: 40 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\..Trusted Sites: 39 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/ms ... b31267.cab (Checkers Class)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/Me ... b31267.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9dmo.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Me ... b31267.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: DirectAnimation Java Classes (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key does not exist or could not be opened.)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - linkscanner - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler: - livecall - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
avgrsstarter: "DllName" = avgrsstx.dll -- C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/11/18 16:08:40 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/02/25 01:26:32 | 00,051,344 | ---- | C] () -- C:\backup.reg
[2009/02/25 01:06:46 | 00,731,136 | ---- | C] () -- C:\Documents and Settings\Pascal\Bureau\avenger.exe
[2009/02/25 01:05:42 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\Pascal\Bureau\avenger.zip
[2009/02/25 00:33:50 | 00,030,207 | ---- | C] () -- C:\Documents and Settings\Pascal\Mes documents\WAFFY.zip
[2009/02/24 01:46:48 | 00,089,600 | ---- | C] () -- C:\Documents and Settings\Pascal\Bureau\SystemLook.exe
[2009/02/23 23:45:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pascal\Bureau\JavaRa
[2009/02/19 23:23:43 | 00,000,000 | ---D | C] -- C:\Foxscan
[2009/02/15 11:07:52 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/15 11:07:52 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/02/15 11:07:50 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/15 11:07:49 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/15 10:16:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pascal\Bureau\MISE A JOUR
[2009/02/14 13:55:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pascal\Application Data\WinRAR
[2009/02/14 13:33:45 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/02/14 13:31:54 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Pascal\Bureau\SDFix.exe
[2009/02/14 11:45:14 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/02/14 09:36:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pascal\Local Settings\Application Data\Mozilla
[2009/02/14 09:36:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pascal\Application Data\Mozilla
[2009/02/14 09:35:54 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2009/02/14 09:35:50 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/02/13 15:32:41 | 00,096,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/02/13 15:32:41 | 00,075,272 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/02/13 15:32:41 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/02/13 15:32:41 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AVG Free 8.0.lnk
[2009/02/13 15:32:33 | 33,473,345 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/02/13 15:32:33 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/02/13 15:32:33 | 00,401,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/02/13 15:32:33 | 00,008,322 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/02/13 15:32:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/02/13 15:32:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pascal\Application Data\AVGTOOLBAR
[2009/02/13 15:32:23 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/02/13 15:32:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/02/13 13:26:36 | 00,000,000 | ---D | C] -- C:\Program Files\ma-config.com
[2009/02/13 13:26:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2009/02/13 12:48:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/02/13 00:23:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Kaspersky Lab
[2009/02/13 00:17:22 | 00,015,854 | ---- | C] () -- C:\Documents and Settings\Pascal\Mes documents\cc_20090213_001716.reg
[2009/02/07 20:20:26 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pascal\Bureau\OTListIt2.exe
[2009/02/07 20:17:54 | 00,000,000 | ---D | C] -- C:\HJThis
[2009/02/07 17:57:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/02/07 10:04:48 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/02/07 09:36:41 | 00,002,120 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/02/07 09:36:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pascal\Bureau\SmitfraudFix
[2009/02/07 09:18:55 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/02/07 08:47:43 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Pascal\Bureau\CCleaner.lnk
[2009/02/07 08:47:42 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/02/07 08:37:33 | 00,576,868 | ---- | C] (IL-MAFIOSO ) -- C:\Documents and Settings\Pascal\Bureau\Navilog1.exe
[2009/02/07 08:36:46 | 01,661,793 | ---- | C] () -- C:\Documents and Settings\Pascal\Bureau\SmitfraudFix.exe
[2009/02/07 08:36:32 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Pascal\Bureau\VirtumundoBeGone.exe
[2009/02/07 00:27:40 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/02/06 22:58:58 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/02/03 03:13:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/02/02 23:31:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pascal\Bureau\backups
[2009/01/30 00:21:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pascal\Application Data\Malwarebytes
[2009/01/30 00:21:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/29 23:54:00 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/01/29 23:10:25 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 8.lnk
[2009/01/29 22:24:51 | 00,000,212 | ---- | C] () -- C:\Boot.bak
[2009/01/29 22:24:49 | 00,263,488 | ---- | C] () -- C:\cmldr
[2009/01/29 22:24:41 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/01/29 22:23:37 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/01/29 22:23:37 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/01/29 22:23:37 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/01/29 22:23:37 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/01/29 22:23:37 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/01/29 22:23:37 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/01/29 22:23:37 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/29 22:23:37 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/01/29 22:23:37 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/01/29 22:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/29 00:18:03 | 00,009,668 | ---- | C] () -- C:\Documents and Settings\Pascal\Mes documents\cc_20090129_001800.reg
[2009/01/28 23:05:32 | 00,038,748 | ---- | C] () -- C:\Documents and Settings\Pascal\Mes documents\cc_20090128_230526.reg

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/02/25 01:28:47 | 00,176,754 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/02/25 01:28:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/25 01:26:36 | 06,948,654 | -H-- | M] () -- C:\Documents and Settings\Pascal\Local Settings\Application Data\IconCache.db
[2009/02/25 01:26:32 | 00,051,344 | ---- | M] () -- C:\backup.reg
[2009/02/25 01:05:50 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\Pascal\Bureau\avenger.zip
[2009/02/25 00:51:32 | 00,030,207 | ---- | M] () -- C:\Documents and Settings\Pascal\Mes documents\WAFFY.zip
[2009/02/24 12:53:19 | 33,473,345 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/02/24 02:14:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/02/24 01:46:50 | 00,089,600 | ---- | M] () -- C:\Documents and Settings\Pascal\Bureau\SystemLook.exe
[2009/02/23 23:37:00 | 00,000,512 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
[2009/02/23 20:39:39 | 00,000,584 | ---- | M] () -- C:\Documents and Settings\Pascal\Mes documents\Mes dossiers de partage.lnk
[2009/02/23 18:57:42 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/02/23 18:57:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/02/23 17:56:56 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/02/23 17:56:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/02/23 08:31:42 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/02/23 08:31:42 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/02/23 08:31:42 | 00,008,322 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/02/23 08:21:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/02/23 08:21:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/02/23 08:02:49 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/02/23 08:02:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/02/22 10:39:29 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/02/22 10:39:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/02/22 00:53:18 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/02/22 00:53:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/02/21 16:41:26 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/02/21 16:41:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/02/21 06:59:42 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/02/21 06:59:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/02/20 22:23:42 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/02/20 22:23:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/02/20 17:12:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/02/20 17:12:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/02/20 10:50:29 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/02/20 10:50:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/02/20 10:17:21 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/02/20 10:17:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/02/19 23:14:45 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/02/19 23:14:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/02/19 16:32:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/16 19:20:47 | 00,000,211 | ---- | M] () -- C:\WINDOWS\spnutmp.ini
[2009/02/16 08:32:53 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/02/16 08:32:53 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/02/16 08:17:08 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/02/16 08:17:08 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/02/15 14:10:24 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/02/15 14:10:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/02/15 12:40:55 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/02/15 12:40:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/02/15 11:27:07 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/02/15 11:27:06 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/02/15 11:14:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/02/15 11:14:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/02/15 11:07:52 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/02/15 09:12:35 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/02/15 09:12:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/02/14 14:33:32 | 00,000,838 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/14 14:33:32 | 00,000,282 | RHS- | M] () -- C:\boot.ini
[2009/02/14 14:33:32 | 00,000,280 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/14 13:48:33 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/02/14 13:32:26 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Pascal\Bureau\SDFix.exe
[2009/02/14 09:35:54 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2009/02/13 15:32:41 | 00,096,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/02/13 15:32:41 | 00,075,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/02/13 15:32:41 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/02/13 15:32:41 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AVG Free 8.0.lnk
[2009/02/13 15:32:38 | 00,026,184 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/02/13 00:18:46 | 00,015,854 | ---- | M] () -- C:\Documents and Settings\Pascal\Mes documents\cc_20090213_001716.reg
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/09 18:50:13 | 00,147,968 | ---- | M] () -- C:\Documents and Settings\Pascal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/09 15:29:03 | 00,038,748 | ---- | M] () -- C:\Documents and Settings\Pascal\Mes documents\cc_20090128_230526.reg
[2009/02/07 20:27:22 | 01,661,793 | ---- | M] () -- C:\Documents and Settings\Pascal\Bureau\SmitfraudFix.exe
[2009/02/07 20:20:33 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pascal\Bureau\OTListIt2.exe
[2009/02/07 14:02:16 | 00,002,120 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/02/07 10:02:09 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/02/07 08:47:43 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Pascal\Bureau\CCleaner.lnk
[2009/02/07 08:37:38 | 00,576,868 | ---- | M] (IL-MAFIOSO ) -- C:\Documents and Settings\Pascal\Bureau\Navilog1.exe
[2009/02/07 08:36:36 | 00,096,978 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\Pascal\Bureau\VirtumundoBeGone.exe
[2009/02/06 23:41:20 | 00,161,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/06 23:37:27 | 00,033,112 | ---- | M] () -- C:\Documents and Settings\Pascal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/30 01:27:29 | 00,049,152 | ---- | M] () -- C:\WINDOWS\Domino.EXE
[2009/01/29 23:10:25 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 8.lnk
[2009/01/29 00:18:44 | 00,009,668 | ---- | M] () -- C:\Documents and Settings\Pascal\Mes documents\cc_20090129_001800.reg
[2009/01/28 20:45:50 | 00,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Winamp.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> %UserProfile%\Mes documents\cc_20090128_230526.reg:SummaryInformation
@Alternate Data Stream - 88 bytes -> %SystemRoot%\Domino.EXE:SummaryInformation
@Alternate Data Stream - 0 bytes -> %UserProfile%\Mes documents\cc_20090128_230526.reg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Domino.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
<End>
WAFFY
 
Posts: 29
Joined: 06 Feb 2009, 22:17

Post by WAFFY » 25 Feb 2009, 02:30

Good evening once again,

2nd report, Extras.txt:

OTListIt Extras logfile created on: 25/02/2009 01:33:26 - Run 6
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\Pascal\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,48 Mb Total Physical Memory | 247,42 Mb Available Physical Memory | 48,37% Memory free
1,22 Gb Paging File | 0,98 Gb Available in Paging File | 80,12% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 18,61 Gb Free Space | 25,07% Space Free | Partition Type: NTFS
Drive D: | 72,27 Gb Total Space | 71,53 Gb Free Space | 98,98% Space Free | Partition Type: NTFS
Drive E: | 2,55 Gb Total Space | 2,55 Gb Free Space | 99,86% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PIV3000
Current User Name: Pascal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2007/01/19 11:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/19 16:09:52 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test
[2007/01/19 11:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2006/08/26 12:01:22 | 00,106,496 | ---- | M] () -- C:\Documents and Settings\Thomas\Bureau\My games\Counter-Strike Source\hl2.exe:*:Disabled:hl2
File not found -- C:\Program Files\TmNationsForever\TmForever.exe:*:Disabled:TmForever
File not found -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
[2009/02/11 10:19:32 | 01,273,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware
[2009/02/13 16:00:49 | 01,032,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2009/02/13 15:32:24 | 00,902,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = Webcam (ZS0211)
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = modem ADSL USB
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}" = Worms Forts Under Siege
"{A122962F-331A-4C2E-93DB-AD92D8A4FB14}" = OpenOffice.org 2.4
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.3 - Français
"{AE01D94C-A3E6-437C-B278-88FE03C98E52}" = Kit de connexion ADSL
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}" = Windows Live Messenger
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG Free 8.0
"Cacheman 5.11" = Cacheman 5.11
"CCleaner" = CCleaner (remove only)
"CdaC13Ba" = SafeCast Shared Components
"CDex" = CDex extraction audio
"C-Media PCI Audio Driver" = C-Media WDM Audio Driver
"C-Media PCI Sound" = C-Media PCI Audio
"Creatix V.9X DSP Data Fax Modem" = Creatix V.9X DSP Data Fax Modem
"HijackThis" = HijackThis 2.0.2
"InCD!UninstallKey" = Ahead InCD
"InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"NMPUninstallKey" = Ahead NeroMediaPlayer
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-13-31-01
"PCI Audio Driver" = PCI Audio Driver
"Pilote SHARP série AJ-6000" = Pilote SHARP série AJ-6000
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shareaza_is1" = Shareaza version 2.2.3.0
"The Sudoku Challenge-retail" = The Sudoku Challenge
"WidelookPlug" = Widelook Plug-in for Mozilla
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = Archiveur WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/02/2009 20:28:27 | Computer Name = PIV3000 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 24/02/2009 20:28:28 | Computer Name = PIV3000 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 24/02/2009 20:28:28 | Computer Name = PIV3000 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 24/02/2009 20:28:29 | Computer Name = PIV3000 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 24/02/2009 20:28:30 | Computer Name = PIV3000 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 24/02/2009 20:28:30 | Computer Name = PIV3000 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 24/02/2009 20:28:31 | Computer Name = PIV3000 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 24/02/2009 20:28:31 | Computer Name = PIV3000 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 24/02/2009 20:28:32 | Computer Name = PIV3000 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 24/02/2009 20:28:33 | Computer Name = PIV3000 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

[ System Events ]
Error - 24/02/2009 18:58:58 | Computer Name = PIV3000 | Source = Service Control Manager | ID = 7001
Description = Le service Hôte de périphérique universel Plug-and-Play dépend du
service Service de découvertes SSDP qui n'a pas pu démarrer en raison de l'erreur :
%%1058

Error - 24/02/2009 18:59:01 | Computer Name = PIV3000 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : SASDIFSV SASKUTIL

Error - 24/02/2009 19:04:30 | Computer Name = PIV3000 | Source = Service Control Manager | ID = 7000
Description = Le service General Purpose USB Driver (adildr.sys) n'a pas pu démarrer
en raison de l'erreur : %%1058

Error - 24/02/2009 19:04:30 | Computer Name = PIV3000 | Source = Service Control Manager | ID = 7000
Description = Le service Pilote de port parallèle n'a pas pu démarrer en raison
de l'erreur : %%1058

Error - 24/02/2009 19:04:30 | Computer Name = PIV3000 | Source = Service Control Manager | ID = 7001
Description = Le service Hôte de périphérique universel Plug-and-Play dépend du
service Service de découvertes SSDP qui n'a pas pu démarrer en raison de l'erreur :
%%1058

Error - 24/02/2009 19:04:37 | Computer Name = PIV3000 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : SASDIFSV SASKUTIL

Error - 24/02/2009 20:28:23 | Computer Name = PIV3000 | Source = Service Control Manager | ID = 7000
Description = Le service General Purpose USB Driver (adildr.sys) n'a pas pu démarrer
en raison de l'erreur : %%1058

Error - 24/02/2009 20:28:23 | Computer Name = PIV3000 | Source = Service Control Manager | ID = 7000
Description = Le service Pilote de port parallèle n'a pas pu démarrer en raison
de l'erreur : %%1058

Error - 24/02/2009 20:28:23 | Computer Name = PIV3000 | Source = Service Control Manager | ID = 7001
Description = Le service Hôte de périphérique universel Plug-and-Play dépend du
service Service de découvertes SSDP qui n'a pas pu démarrer en raison de l'erreur :
%%1058

Error - 24/02/2009 20:28:27 | Computer Name = PIV3000 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : SASDIFSV SASKUTIL


<End>

Well then, have a good day and a good evening to come.
Thanks again....
WAFFY
 

Post by WAFFY » 25 Feb 2009, 02:59

Good evening yet again, nickW,

Just to be sure, before falling into the arms of Morpheus, I redid your procedure and, OH! Miracle, this time it worked!
I did get Notepad and an Avenger report.
(I don't think God had anything to do with it; I really must have done something stu..... ! Maybe disconnecting from the internet?!)
Anyway, here is the Avenger report:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\Windows\System32\iebrowserc.dll" not found!
Deletion of file "C:\Windows\System32\iebrowserc.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\documents and settings\Pascal\Application Data\urlredir.cfg" not found!
Deletion of file "c:\documents and settings\Pascal\Application Data\urlredir.cfg" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\documents and settings\Thomas\Application Data\urlredir.cfg" not found!
Deletion of file "c:\documents and settings\Thomas\Application Data\urlredir.cfg" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\documents and settings\Cathy\Application Data\urlredir.cfg" not found!
Deletion of file "c:\documents and settings\Cathy\Application Data\urlredir.cfg" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\documents and settings\Léa\Application Data\urlredir.cfg" not found!
Deletion of file "c:\documents and settings\Léa\Application Data\urlredir.cfg" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\documents and settings\All Users\Application Data\urlredir.cfg" not found!
Deletion of file "c:\documents and settings\All Users\Application Data\urlredir.cfg" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\nso3C3.dll" not found!
Deletion of file "c:\windows\system32\nso3C3.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\System32\nso8.dll" not found!
Deletion of file "C:\WINDOWS\System32\nso8.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\nsdA.dll" not found!
Deletion of file "C:\WINDOWS\system32\nsdA.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\program files\mozilla firefox\components\nsdcads.dll" not found!
Deletion of file "c:\program files\mozilla firefox\components\nsdcads.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\System32\98a5e3ff-62f9-4650-087a-5f2f16a23de3.exe" not found!
Deletion of file "C:\WINDOWS\System32\98a5e3ff-62f9-4650-087a-5f2f16a23de3.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b9a85eaa-c89c-66bd-46c6-097f778c6d43}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b9a85eaa-c89c-66bd-46c6-097f778c6d43}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IeBrowserCmp.BrowserCmp" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IeBrowserCmp.BrowserCmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|98a5e3ff-62f9-4650-087a-5f2f16a23de3"
Deletion of registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|98a5e3ff-62f9-4650-087a-5f2f16a23de3" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

That said, it doesn't seem to have found much.
Maybe it had already deleted them before.....
I hope I haven't made another one! (mistake)
The new OTLIST2 reports follow.
Reminder: I sent you a PM.
WAFFY
 

Post by WAFFY » 25 Feb 2009, 03:01

Here is the new OTListIt.txt report:

OTListIt logfile created on: 25/02/2009 02:40:19 - Run 7
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\Pascal\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,48 Mb Total Physical Memory | 242,54 Mb Available Physical Memory | 47,42% Memory free
1,22 Gb Paging File | 0,98 Gb Available in Paging File | 80,42% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 18,60 Gb Free Space | 25,06% Space Free | Partition Type: NTFS
Drive D: | 72,27 Gb Total Space | 71,53 Gb Free Space | 98,98% Space Free | Partition Type: NTFS
Drive E: | 2,55 Gb Total Space | 2,55 Gb Free Space | 99,86% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PIV3000
Current User Name: Pascal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

[2009/02/13 15:32:24 | 00,282,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2009/02/23 23:49:50 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/05/03 05:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2009/02/13 15:32:26 | 00,311,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2009/02/13 15:32:24 | 00,902,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2004/08/19 16:10:06 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2001/10/22 14:33:58 | 00,045,056 | ---- | M] (Sharp Corporation) -- C:\WINDOWS\system32\SCUSAPI.exe
[2006/08/19 11:37:06 | 00,049,152 | ---- | M] (ZSMCSNAP) -- C:\WINDOWS\ZSSnp211.EXE
[2009/01/30 01:27:29 | 00,049,152 | ---- | M] () -- C:\WINDOWS\Domino.EXE
[2008/10/15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[2009/02/13 15:32:24 | 01,177,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2009/02/23 23:49:50 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2003/07/08 15:25:22 | 00,925,770 | ---- | M] () -- C:\Program Files\modem ADSL USB\modem ADSL USB\DSLMON.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2009/02/07 20:20:33 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pascal\Bureau\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2009/02/13 15:32:24 | 00,902,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2009/02/13 15:32:24 | 00,282,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2005/10/17 08:28:11 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA [Disabled | Stopped])
[2004/08/19 16:09:38 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2003/05/14 11:29:54 | 00,753,716 | ---- | M] () -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv [Disabled | Stopped])
[2009/02/23 23:49:50 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2005/01/26 15:30:04 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
[2008/05/03 05:46:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2005/01/26 15:25:34 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
[2007/12/28 18:42:09 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped])
[2005/01/26 15:20:14 | 00,069,718 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006/04/03 17:12:14 | 00,014,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Disabled | Stopped])

========== Driver Services (SafeList) ==========

[2002/10/11 18:19:00 | 00,046,551 | ---- | M] (Analog Deivces) -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER [Auto | Stopped])
[2002/11/22 22:14:36 | 00,122,505 | ---- | M] (Analog Devices Inc.) -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw [On_Demand | Running])
[2004/02/24 04:08:52 | 00,400,384 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Running])
[2004/03/19 13:02:08 | 00,613,244 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2009/02/13 15:32:41 | 00,096,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2009/02/13 15:32:38 | 00,026,184 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2009/02/13 15:32:41 | 00,075,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [System | Running])
[2005/10/17 08:28:09 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA [Auto | Running])
[2003/12/03 17:44:58 | 00,013,566 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\drivers\cdrbsvsd.sys -- (cdrbsvsd [System | Running])
[2002/11/18 14:51:40 | 00,377,358 | ---- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci [On_Demand | Stopped])
[2006/08/12 02:28:58 | 00,798,464 | ---- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmuda3.sys -- (cmuda3 [On_Demand | Running])
[2003/05/14 11:31:32 | 00,085,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\incdfs.sys -- (InCDfs [Disabled | Running])
[2003/05/14 11:31:58 | 00,026,336 | ---- | M] (Ahead Software) -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass [System | Running])
[2003/04/25 13:13:42 | 00,023,920 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\drivers\incdrm.sys -- (incdrm [System | Running])
[2004/03/12 18:23:56 | 00,845,092 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\Ctxs51.sys -- (Intels51 [On_Demand | Running])
[2008/05/03 05:46:00 | 06,554,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001/08/28 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 22:05:16 | 00,028,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner [On_Demand | Running])
[2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139 [On_Demand | Running])
[2001/10/22 14:33:46 | 00,031,728 | ---- | M] (Sharp Corporation) -- C:\WINDOWS\system32\drivers\SCUSPAC.SYS -- (SCUSMFP1 [Auto | Running])
[2001/10/22 14:33:46 | 00,022,796 | ---- | M] (Sharp Corporation) -- C:\WINDOWS\system32\drivers\SCUSPRO.SYS -- (SCUSMFP2 [Auto | Running])
[2001/10/22 14:33:58 | 00,025,768 | ---- | M] (Sharp Corporation) -- C:\WINDOWS\system32\drivers\SCUSUSB.SYS -- (SCUSUSB [On_Demand | Stopped])
[2005/04/20 17:15:52 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2005/08/10 13:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2005/05/16 14:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2005/04/14 13:12:32 | 00,019,968 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
[2005/11/03 15:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
[2001/08/17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2005/12/22 12:24:50 | 00,080,272 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
[2005/12/22 12:24:52 | 00,010,864 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])
[2005/12/22 12:24:52 | 00,137,884 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])
[2009/02/07 10:02:09 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2001/08/28 13:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2006/10/18 09:23:40 | 00,391,866 | ---- | M] (ZSMC Corporation) -- C:\WINDOWS\system32\drivers\ZS211.sys -- (ZSMC211 [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://windowsupdate.microsoft.com/
HKU\S-1-5-21-1177238915-1409082233-839522115-1003\S-1-5-21-1177238915-1409082233-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
O3 - HKCU\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
O3 - HKCU\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
O3 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Domino] C:\WINDOWS\Domino.exe ()
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [SCUSAPI] SCUSAPI.exe (Sharp Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe (ZSMCSNAP)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk = C:\Program Files\modem ADSL USB\modem ADSL USB\DSLMON.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
O4 - Startup: C:\Documents and Settings\Cathy\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Léa\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Thomas\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ShutdownWithoutLogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLastUserName = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_12.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 41 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: 39 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Sites: 40 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Sites: 40 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1177238915-1409082233-839522115-1003\..Trusted Sites: 39 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/ms ... b31267.cab (Checkers Class)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/Me ... b31267.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9dmo.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Me ... b31267.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: DirectAnimation Java Classes (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key does not exist or could not be opened.)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - linkscanner - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler: - livecall - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
avgrsstarter: "DllName" = avgrsstx.dll -- C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/11/18 16:08:40 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/02/25 02:37:03 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/02/25 01:06:46 | 00,731,136 | ---- | C] () -- C:\Documents and Settings\Pascal\Bureau\avenger.exe
[2009/02/25 01:05:42 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\Pascal\Bureau\avenger.zip
[2009/02/25 00:33:50 | 00,030,207 | ---- | C] () -- C:\Documents and Settings\Pascal\Mes documents\WAFFY.zip
[2009/02/24 01:46:48 | 00,089,600 | ---- | C] () -- C:\Documents and Settings\Pascal\Bureau\SystemLook.exe
[2009/02/23 23:45:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pascal\Bureau\JavaRa
[2009/02/19 23:23:43 | 00,000,000 | ---D | C] -- C:\Foxscan
[2009/02/15 11:07:52 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/15 11:07:52 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/02/15 11:07:50 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/15 11:07:49 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/15 10:16:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pascal\Bureau\MISE A JOUR
[2009/02/14 13:55:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pascal\Application Data\WinRAR
[2009/02/14 13:33:45 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/02/14 13:31:54 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Pascal\Bureau\SDFix.exe
[2009/02/14 11:45:14 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/02/14 09:36:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pascal\Local Settings\Application Data\Mozilla
[2009/02/14 09:36:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pascal\Application Data\Mozilla
[2009/02/14 09:35:54 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2009/02/14 09:35:50 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/02/13 15:32:41 | 00,096,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/02/13 15:32:41 | 00,075,272 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/02/13 15:32:41 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/02/13 15:32:41 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AVG Free 8.0.lnk
[2009/02/13 15:32:33 | 33,473,345 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/02/13 15:32:33 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/02/13 15:32:33 | 00,401,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/02/13 15:32:33 | 00,008,322 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/02/13 15:32:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/02/13 15:32:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pascal\Application Data\AVGTOOLBAR
[2009/02/13 15:32:23 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/02/13 15:32:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/02/13 13:26:36 | 00,000,000 | ---D | C] -- C:\Program Files\ma-config.com
[2009/02/13 13:26:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2009/02/13 12:48:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/02/13 00:23:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Kaspersky Lab
[2009/02/13 00:17:22 | 00,015,854 | ---- | C] () -- C:\Documents and Settings\Pascal\Mes documents\cc_20090213_001716.reg
[2009/02/07 20:20:26 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pascal\Bureau\OTListIt2.exe
[2009/02/07 20:17:54 | 00,000,000 | ---D | C] -- C:\HJThis
[2009/02/07 17:57:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/02/07 10:04:48 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/02/07 09:36:41 | 00,002,120 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/02/07 09:36:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pascal\Bureau\SmitfraudFix
[2009/02/07 09:18:55 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/02/07 08:47:43 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Pascal\Bureau\CCleaner.lnk
[2009/02/07 08:47:42 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/02/07 08:37:33 | 00,576,868 | ---- | C] (IL-MAFIOSO ) -- C:\Documents and Settings\Pascal\Bureau\Navilog1.exe
[2009/02/07 08:36:46 | 01,661,793 | ---- | C] () -- C:\Documents and Settings\Pascal\Bureau\SmitfraudFix.exe
[2009/02/07 08:36:32 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Pascal\Bureau\VirtumundoBeGone.exe
[2009/02/07 00:27:40 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/02/06 22:58:58 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/02/03 03:13:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/02/02 23:31:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pascal\Bureau\backups
[2009/01/30 00:21:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pascal\Application Data\Malwarebytes
[2009/01/30 00:21:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/29 23:54:00 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/01/29 23:10:25 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 8.lnk
[2009/01/29 22:24:51 | 00,000,212 | ---- | C] () -- C:\Boot.bak
[2009/01/29 22:24:49 | 00,263,488 | ---- | C] () -- C:\cmldr
[2009/01/29 22:24:41 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/01/29 22:23:37 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/01/29 22:23:37 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/01/29 22:23:37 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/01/29 22:23:37 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/01/29 22:23:37 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/01/29 22:23:37 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/01/29 22:23:37 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/29 22:23:37 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/01/29 22:23:37 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/01/29 22:23:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/29 00:18:03 | 00,009,668 | ---- | C] () -- C:\Documents and Settings\Pascal\Mes documents\cc_20090129_001800.reg
[2009/01/28 23:05:32 | 00,038,748 | ---- | C] () -- C:\Documents and Settings\Pascal\Mes documents\cc_20090128_230526.reg

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/02/25 02:38:10 | 00,176,754 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/02/25 02:37:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/25 02:36:21 | 06,948,932 | -H-- | M] () -- C:\Documents and Settings\Pascal\Local Settings\Application Data\IconCache.db
[2009/02/25 02:14:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/02/25 01:05:50 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\Pascal\Bureau\avenger.zip
[2009/02/25 00:51:32 | 00,030,207 | ---- | M] () -- C:\Documents and Settings\Pascal\Mes documents\WAFFY.zip
[2009/02/24 12:53:19 | 33,473,345 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/02/24 01:46:50 | 00,089,600 | ---- | M] () -- C:\Documents and Settings\Pascal\Bureau\SystemLook.exe
[2009/02/23 23:37:00 | 00,000,512 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
[2009/02/23 20:39:39 | 00,000,584 | ---- | M] () -- C:\Documents and Settings\Pascal\Mes documents\Mes dossiers de partage.lnk
[2009/02/23 18:57:42 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/02/23 18:57:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/02/23 17:56:56 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/02/23 17:56:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/02/23 08:31:42 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/02/23 08:31:42 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/02/23 08:31:42 | 00,008,322 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/02/23 08:21:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/02/23 08:21:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/02/23 08:02:49 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/02/23 08:02:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/02/22 10:39:29 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/02/22 10:39:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/02/22 00:53:18 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/02/22 00:53:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/02/21 16:41:26 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/02/21 16:41:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/02/21 06:59:42 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/02/21 06:59:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/02/20 22:23:42 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/02/20 22:23:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/02/20 17:12:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/02/20 17:12:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/02/20 10:50:29 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/02/20 10:50:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/02/20 10:17:21 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/02/20 10:17:21 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/02/19 23:14:45 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/02/19 23:14:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/02/19 16:32:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/16 19:20:47 | 00,000,211 | ---- | M] () -- C:\WINDOWS\spnutmp.ini
[2009/02/16 08:32:53 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/02/16 08:32:53 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/02/16 08:17:08 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/02/16 08:17:08 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/02/15 14:10:24 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/02/15 14:10:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/02/15 12:40:55 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/02/15 12:40:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/02/15 11:27:07 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/02/15 11:27:06 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/02/15 11:14:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/02/15 11:14:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/02/15 11:07:52 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/02/15 09:12:35 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/02/15 09:12:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/02/14 14:33:32 | 00,000,838 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/14 14:33:32 | 00,000,282 | RHS- | M] () -- C:\boot.ini
[2009/02/14 14:33:32 | 00,000,280 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/14 13:48:33 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/02/14 13:32:26 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Pascal\Bureau\SDFix.exe
[2009/02/14 09:35:54 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2009/02/13 15:32:41 | 00,096,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/02/13 15:32:41 | 00,075,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/02/13 15:32:41 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/02/13 15:32:41 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AVG Free 8.0.lnk
[2009/02/13 15:32:38 | 00,026,184 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/02/13 00:18:46 | 00,015,854 | ---- | M] () -- C:\Documents and Settings\Pascal\Mes documents\cc_20090213_001716.reg
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/09 18:50:13 | 00,147,968 | ---- | M] () -- C:\Documents and Settings\Pascal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/09 15:29:03 | 00,038,748 | ---- | M] () -- C:\Documents and Settings\Pascal\Mes documents\cc_20090128_230526.reg
[2009/02/07 20:27:22 | 01,661,793 | ---- | M] () -- C:\Documents and Settings\Pascal\Bureau\SmitfraudFix.exe
[2009/02/07 20:20:33 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pascal\Bureau\OTListIt2.exe
[2009/02/07 14:02:16 | 00,002,120 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/02/07 10:02:09 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/02/07 08:47:43 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Pascal\Bureau\CCleaner.lnk
[2009/02/07 08:37:38 | 00,576,868 | ---- | M] (IL-MAFIOSO ) -- C:\Documents and Settings\Pascal\Bureau\Navilog1.exe
[2009/02/07 08:36:36 | 00,096,978 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\Pascal\Bureau\VirtumundoBeGone.exe
[2009/02/06 23:41:20 | 00,161,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/06 23:37:27 | 00,033,112 | ---- | M] () -- C:\Documents and Settings\Pascal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/30 01:27:29 | 00,049,152 | ---- | M] () -- C:\WINDOWS\Domino.EXE
[2009/01/29 23:10:25 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 8.lnk
[2009/01/29 00:18:44 | 00,009,668 | ---- | M] () -- C:\Documents and Settings\Pascal\Mes documents\cc_20090129_001800.reg
[2009/01/28 20:45:50 | 00,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Winamp.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> %UserProfile%\Mes documents\cc_20090128_230526.reg:SummaryInformation
@Alternate Data Stream - 88 bytes -> %SystemRoot%\Domino.EXE:SummaryInformation
@Alternate Data Stream - 0 bytes -> %UserProfile%\Mes documents\cc_20090128_230526.reg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Domino.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
<End>
WAFFY

Posts: 29
Joined: 06 Feb 2009, 22:17

Post by WAFFY » 25 Feb 2009, 03:09

And the second report, Extras.txt:

OTListIt Extras logfile created on: 25/02/2009 02:40:19 - Run 7
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\Pascal\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,48 Mb Total Physical Memory | 242,54 Mb Available Physical Memory | 47,42% Memory free
1,22 Gb Paging File | 0,98 Gb Available in Paging File | 80,42% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 18,60 Gb Free Space | 25,06% Space Free | Partition Type: NTFS
Drive D: | 72,27 Gb Total Space | 71,53 Gb Free Space | 98,98% Space Free | Partition Type: NTFS
Drive E: | 2,55 Gb Total Space | 2,55 Gb Free Space | 99,86% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PIV3000
Current User Name: Pascal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2007/01/19 11:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/19 16:09:52 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test
[2007/01/19 11:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2006/08/26 12:01:22 | 00,106,496 | ---- | M] () -- C:\Documents and Settings\Thomas\Bureau\My games\Counter-Strike Source\hl2.exe:*:Disabled:hl2
File not found -- C:\Program Files\TmNationsForever\TmForever.exe:*:Disabled:TmForever
File not found -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
[2009/02/11 10:19:32 | 01,273,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware
[2009/02/13 16:00:49 | 01,032,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2009/02/13 15:32:24 | 00,902,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = Webcam (ZS0211)
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = modem ADSL USB
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}" = Worms Forts Under Siege
"{A122962F-331A-4C2E-93DB-AD92D8A4FB14}" = OpenOffice.org 2.4
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.3 - Français
"{AE01D94C-A3E6-437C-B278-88FE03C98E52}" = Kit de connexion ADSL
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}" = Windows Live Messenger
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG Free 8.0
"Cacheman 5.11" = Cacheman 5.11
"CCleaner" = CCleaner (remove only)
"CdaC13Ba" = SafeCast Shared Components
"CDex" = CDex extraction audio
"C-Media PCI Audio Driver" = C-Media WDM Audio Driver
"C-Media PCI Sound" = C-Media PCI Audio
"Creatix V.9X DSP Data Fax Modem" = Creatix V.9X DSP Data Fax Modem
"HijackThis" = HijackThis 2.0.2
"InCD!UninstallKey" = Ahead InCD
"InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"MRW!UninstallKey" = Ahead InCD EasyWrite Reader
"NMPUninstallKey" = Ahead NeroMediaPlayer
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-13-31-01
"PCI Audio Driver" = PCI Audio Driver
"Pilote SHARP série AJ-6000" = Pilote SHARP série AJ-6000
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shareaza_is1" = Shareaza version 2.2.3.0
"The Sudoku Challenge-retail" = The Sudoku Challenge
"WidelookPlug" = Widelook Plug-in for Mozilla
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = Archiveur WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/02/2009 20:28:33 | Computer Name = PIV3000 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 24/02/2009 21:37:47 | Computer Name = PIV3000 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 24/02/2009 21:37:52 | Computer Name = PIV3000 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 24/02/2009 21:37:54 | Computer Name = PIV3000 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 24/02/2009 21:37:54 | Computer Name = PIV3000 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 24/02/2009 21:37:55 | Computer Name = PIV3000 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 24/02/2009 21:37:56 | Computer Name = PIV3000 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 24/02/2009 21:37:58 | Computer Name = PIV3000 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 24/02/2009 21:37:59 | Computer Name = PIV3000 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 24/02/2009 21:37:59 | Computer Name = PIV3000 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

[ System Events ]
Error - 24/02/2009 19:04:30 | Computer Name = PIV3000 | Source = Service Control Manager | ID = 7001
Description = Le service Hôte de périphérique universel Plug-and-Play dépend du
service Service de découvertes SSDP qui n'a pas pu démarrer en raison de l'erreur :
%%1058

Error - 24/02/2009 19:04:37 | Computer Name = PIV3000 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : SASDIFSV SASKUTIL

Error - 24/02/2009 20:28:23 | Computer Name = PIV3000 | Source = Service Control Manager | ID = 7000
Description = Le service General Purpose USB Driver (adildr.sys) n'a pas pu démarrer
en raison de l'erreur : %%1058

Error - 24/02/2009 20:28:23 | Computer Name = PIV3000 | Source = Service Control Manager | ID = 7000
Description = Le service Pilote de port parallèle n'a pas pu démarrer en raison
de l'erreur : %%1058

Error - 24/02/2009 20:28:23 | Computer Name = PIV3000 | Source = Service Control Manager | ID = 7001
Description = Le service Hôte de périphérique universel Plug-and-Play dépend du
service Service de découvertes SSDP qui n'a pas pu démarrer en raison de l'erreur :
%%1058

Error - 24/02/2009 20:28:27 | Computer Name = PIV3000 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : SASDIFSV SASKUTIL

Error - 24/02/2009 21:37:46 | Computer Name = PIV3000 | Source = Service Control Manager | ID = 7000
Description = Le service General Purpose USB Driver (adildr.sys) n'a pas pu démarrer
en raison de l'erreur : %%1058

Error - 24/02/2009 21:37:46 | Computer Name = PIV3000 | Source = Service Control Manager | ID = 7000
Description = Le service Pilote de port parallèle n'a pas pu démarrer en raison
de l'erreur : %%1058

Error - 24/02/2009 21:37:46 | Computer Name = PIV3000 | Source = Service Control Manager | ID = 7001
Description = Le service Hôte de périphérique universel Plug-and-Play dépend du
service Service de découvertes SSDP qui n'a pas pu démarrer en raison de l'erreur :
%%1058

Error - 24/02/2009 21:37:54 | Computer Name = PIV3000 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : SASDIFSV SASKUTIL


<End>

Well, there it is.
This time I'm off (to bed).
A thousand apologies again if I've made a blunder!
And good luck to you.
News from the PC: still the same: no updates for Malwarebytes, nor for AVG. I'm not even trying to install Spybot; I suppose it's the same.....
I look forward to hearing from you. Thanks in advance
Thanks again
WAFFY

Post by nickW » 27 Feb 2009, 01:39

Good evening,

Four other leads:

1/ Check the DNS settings

Start---->Settings---->Control Panel---->Network Connections
Right-click the default connection, usually named "Local Area Connection", or "Dial-up Connection" if you use a telephone modem, and choose Properties.
Double-click the Internet Protocol (TCP/IP) item.
If, in the DNS server addresses (preferred and alternate), you see addresses starting with 85.255, do this:
*- select the radio button Obtain DNS server address automatically.
*- click OK twice, and restart the computer.


2/ Flush the DNS resolver cache:

Start---->Run...
Type:
ipconfig¤/flushdns
(the ¤ character represents a space)
then click OK
Finally type exit, then press Enter


3/ Check the DNS settings of the "box" ... if your connection goes through a "box" :wink:


4/ List the established connections
CurrPorts (by NirSoft)
Download CurrPorts from the page: http://www.nirsoft.net/utils/cports.html

See at the bottom of the page: Download CurrPorts (in Zip file)
and also download the French language file by clicking the "French" link.

Create a new folder named Nirsoft and unzip the two downloaded archives into it (right-click, then Extract All).

Close all browser windows (Internet Explorer, Firefox, ...).

Launch CurrPorts by double-clicking cports.exe (in the Nirsoft folder).

Click the Edit menu (at the top), then choose Select All.

Click the File menu (at the top), then choose Save Selected Items.
Give the file a name (for example: currports-log-090226.txt).
Close CurrPorts.


Send in reply:
*- the CurrPorts report (contents of the file currports-log-090226.txt)
Since this log contains real IP addresses, you can send it to me by PM (private message).

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log-analysis requests by PM (private message)
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
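
The check from step 1/ above, run against saved `ipconfig /all` output instead of the Properties dialog, as an added example that is not part of nickW's post. The sample output, the adapter names and the function names are constructed for illustration, and the French label `Serveurs DNS` is an assumption about what a French Windows prints.

```python
import ipaddress
import re

# Every address "starting with 85.255", the prefix named in step 1/ of the post.
SUSPECT_NET = ipaddress.ip_network("85.255.0.0/16")

# Label of the DNS line in English and (assumed) French `ipconfig /all` output.
DNS_LABELS = {"dns servers", "serveurs dns"}

# "   Label . . . . . : value" -> label without its dot leader, and the value.
LABEL_RE = re.compile(r"^\s+(.+?)[\s.]*:\s*(.*)$")

# Constructed sample (not taken from the thread): two adapters, the first with
# a DNS server inside the suspect prefix and a second server on a continuation
# line, which is how ipconfig prints additional servers.
SAMPLE_IPCONFIG = """\
Configuration IP de Windows

Carte Ethernet LAN:

        Adresse IP. . . . . . . . . . . . : 192.0.2.10
        Serveurs DNS . . . . . . . . . .  : 85.255.0.1
                                            192.0.2.53

Carte Ethernet WiFi:

        Adresse IP. . . . . . . . . . . . : 192.0.2.20
        Serveurs DNS . . . . . . . . . .  : 192.0.2.54
"""


def _as_ip(text):
    """Return an ip_address object, or None when text is not an IP address."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def dns_servers_by_adapter(ipconfig_text):
    """Map each adapter heading to the DNS servers listed under it."""
    servers = {}
    adapter = "(global)"
    in_dns_block = False
    for line in ipconfig_text.splitlines():
        if not line.strip():
            in_dns_block = False
            continue
        if not line[0].isspace():
            # Unindented line: a section heading such as "Carte Ethernet LAN:".
            in_dns_block = False
            if line.rstrip().endswith(":"):
                adapter = line.rstrip()[:-1].strip()
            continue
        if in_dns_block and _as_ip(line) is not None:
            # Continuation line: an address alone, with no label in front.
            servers.setdefault(adapter, []).append(line.strip())
            continue
        match = LABEL_RE.match(line)
        in_dns_block = bool(match) and match.group(1).lower() in DNS_LABELS
        if in_dns_block and _as_ip(match.group(2)) is not None:
            servers.setdefault(adapter, []).append(match.group(2).strip())
    return servers


def suspect_dns(ipconfig_text, network=SUSPECT_NET):
    """Return (adapter, server) pairs whose DNS server lies inside network."""
    return [
        (adapter, server)
        for adapter, found in dns_servers_by_adapter(ipconfig_text).items()
        for server in found
        if ipaddress.ip_address(server) in network
    ]


if __name__ == "__main__":
    for adapter, server in suspect_dns(SAMPLE_IPCONFIG):
        print("%s: DNS server %s is inside %s" % (adapter, server, SUSPECT_NET))
```
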

Post by WAFFY » 27 Feb 2009, 03:28

Good evening nickW,

I've sent you a PM.

Thanks.

To be continued,
WAFFY

Post by nickW » 27 Feb 2009, 19:14

Good evening,

Attempt to clean up this stubborn key:


Note: These steps must be carried out in a session opened with "Administrator rights" (do not use the user profile named "Administrator" that is visible in safe mode).


Step 1: Creating the repar.reg file
Open a Notepad window, via Start---->Run, type notepad then click OK
Copy and paste the lines below (in the white area located under "Code:") into this Notepad window.
Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3160F356-E8C3-4DE2-A698-92EEEB3D3400}]

[-HKEY_CLASSES_ROOT\Typelib\{3160f356-e8c3-4de2-a698-92eeeb3d3400}]



Check (in the Format menu) that "Word Wrap" is not active (not ticked), like this:
Image

Save the file under the name repar.reg
Warning no. 1: There is a blank line after the last line
Warning no. 2: the extension must be .reg; choose "All Files" in the "Save as type" drop-down list when doing "Save As...", like this:
Image

If the extension is .reg.txt, rename the file to .reg
Close Notepad.


Step 2: Safe mode
Restart the PC in safe mode using the F8 method (F5 on some PCs). Mandatory: do not use the "msconfig" method!
See http://assiste.com.free.fr/p/comment/co ... echec.html
Close as many windows as possible.
No Internet connection open, no Internet Explorer open.


Step 3: Using the repar.reg file
Right-click repar.reg, then in the context menu choose Merge and accept the merge into the Registry.


Step 4: Restart
Restart the PC in normal mode.

Does Malwarebytes' Anti-Malware still find the key infected by Adware.RightOnAds?

To be continued,
nickW
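
The checks that Step 1 asks for (a .reg extension, the blank line after the last line, no key path broken across lines), together with the list of keys a merge would delete, as an added example that is not part of nickW's post. The function name and the messages are made up for illustration; the `REGEDIT4` header and the `[-key]` deletion syntax are the ones used in the file above.

```python
# repar.reg as posted above, with CRLF line ends as Notepad writes them
# and the blank line after the last key.
REPAR_REG = (
    "REGEDIT4\r\n"
    "\r\n"
    "[-HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{3160F356-E8C3-4DE2-A698-92EEEB3D3400}]\r\n"
    "\r\n"
    "[-HKEY_CLASSES_ROOT\\Typelib\\{3160f356-e8c3-4de2-a698-92eeeb3d3400}]\r\n"
    "\r\n"
)

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
ROOTS = ("HKEY_LOCAL_MACHINE", "HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG")

# Messages are illustrative names, not output of any Windows tool.
NOT_REG = "extension is not .reg (check for .reg.txt)"
BAD_HEADER = "first line is not a .reg header"
NO_BLANK_LINE = "no blank line after the last line"


def check_reg_file(filename, text):
    """Return (problems, deleted_keys) for a .reg file name and its decoded text.

    Nothing is merged or deleted: this only reads the text.
    """
    problems, deleted = [], []
    if not filename.lower().endswith(".reg"):
        problems.append(NOT_REG)
    normalized = text.replace("\r\n", "\n")
    lines = normalized.split("\n")
    if lines[0].lstrip("\ufeff").strip() not in HEADERS:
        problems.append(BAD_HEADER)
    if not normalized.endswith("\n\n"):
        problems.append(NO_BLANK_LINE)

    continued = False  # True while inside a value spread over lines with "\"
    for number, line in enumerate(lines[1:], start=2):
        entry = line.strip()
        if continued:
            continued = entry.endswith("\\")
            continue
        if not entry or entry.startswith(";"):
            continue  # blank line or comment
        if entry.startswith("["):
            if not entry.endswith("]"):
                problems.append("line %d: key path is not closed on its own line" % number)
                continue
            key = entry[1:-1]
            is_delete = key.startswith("-")
            if is_delete:
                key = key[1:]
            if key.split("\\", 1)[0].upper() not in ROOTS:
                problems.append("line %d: unknown root key" % number)
            elif is_delete:
                deleted.append(key)
        elif entry[0] in '"@':
            continued = entry.endswith("\\")  # value line, possibly continued
        else:
            problems.append("line %d: text outside a key or value" % number)
    return problems, deleted


if __name__ == "__main__":
    found, keys = check_reg_file("repar.reg", REPAR_REG)
    print("problems:", found or "none")
    for key in keys:
        print("would delete:", key)
```
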

Post by WAFFY » 28 Feb 2009, 21:49

Good evening nickW,

After your procedure, Malwarebytes still finds the infected key.
I tried again twice. Same result.
Here is the log:
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1813
Windows 5.1.2600 Service Pack 2

28/02/2009 21:28:06
mbam-log-2009-02-28 (21-28-06).txt

Type de recherche: Examen rapide
Eléments examinés: 92140
Temps écoulé: 5 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Typelib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> Delete on reboot.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

To be continued,
WAFFY

Post by WAFFY » 06 Mar 2009, 17:36

Good evening nickW,

I tried your "repar.reg" again today with no Internet connection, disabling the Windows firewall, Spybot's TeaTimer and SDHelper, and AVG's Resident Shield, rebooting in safe mode and merging repar.reg; it tells me that it was properly written to the registry, but on rebooting in normal mode, Malware still finds the same infected key.
That said, it doesn't seem to disturb the PC or hinder its operation.
Should I close the topic?
To be continued,
WAFFY
