[abandoned] request for log analysis

Security and insecurity. Viruses, Trojans, Spyware, Vulnerabilities etc. …

Forum rules
Assiste.com has suspended disinfection assistance after almost 15 years, first on the old forum and then on this one. See:

Disinfection procedure 1 - Anti-malware

Disinfection procedure 2 - Anti-malware and antivirus (La Manip - standard disinfection procedure)

Periodic maintenance of a Windows PC

Protecting the browser, browsing and privacy


Post by bayonnais » 07 Aug 2009, 14:19

Hello everyone,

Below is the log created after it became impossible to create a restore point, impossible to defragment my "C" hard drive, and after the unwanted appearance of the message "your pc is infected" together with an offer to use "System Security" ?????

mbam log:

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2573
Windows 5.1.2600 Service Pack 3

07/08/2009 15:01:03
mbam-log-2009-08-07 (15-00-21).txt

Type de recherche: Examen rapide
Eléments examinés: 102436
Temps écoulé: 8 minute(s), 17 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
C:\Documents and Settings\All Users\Application Data\13694064\13694064.exe (Rogue.Multiple.H) -> No action taken.
C:\WINDOWS\Temp\_ex-68.exe (Trojan.Dropper) -> No action taken.

Module(s) mémoire infecté(s):
\\?\globalroot\systemroot\system32\hjgruiiqptxjui.dll (Trojan.TDSS) -> No action taken.

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\13694064 (Rogue.Multiple.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\MyID (Malware.Trace) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\13694064 (Rogue.Multiple.H) -> No action taken.

Fichier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\13694064\13694064 (Rogue.Multiple.H) -> No action taken.
C:\Documents and Settings\All Users\Application Data\13694064\13694064.exe (Rogue.Multiple.H) -> No action taken.
\\?\globalroot\systemroot\system32\hjgruiiqptxjui.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\Temp\_ex-68.exe (Trojan.Dropper) -> No action taken.
bayonnais

Posts: 54
Joined: 31 Mar 2005, 03:04

Post by bayonnais » 07 Aug 2009, 14:20

OTL report:

OTL logfile created on: 07/08/2009 15:03:47 - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\grosmougin daniel\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1023,48 Mb Total Physical Memory | 562,96 Mb Available Physical Memory | 55,00% Memory free
2,40 Gb Paging File | 1,94 Gb Available in Paging File | 80,89% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 91,47 Gb Total Space | 44,86 Gb Free Space | 49,04% Space Free | Partition Type: NTFS
Drive D: | 91,89 Gb Total Space | 91,84 Gb Free Space | 99,95% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIDART
Current User Name: grosmougin daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/02/25 23:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/02/25 23:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/07/21 15:12:57 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/07/21 15:12:57 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2006/11/22 15:05:02 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE
PRC - [2009/08/07 11:46:07 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/04/14 04:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/06/29 09:06:38 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2004/10/07 17:53:06 | 00,131,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
PRC - [2003/05/07 21:56:22 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2003/04/08 13:45:44 | 00,212,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2002/12/17 12:40:22 | 00,049,152 | R--- | M] () -- C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
PRC - [2003/05/23 04:56:42 | 00,483,328 | R--- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\hphmon05.exe
PRC - [2009/03/02 13:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/08/07 11:46:07 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2004/09/15 14:35:16 | 00,679,936 | ---- | M] ( ) -- C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
PRC - [2008/12/18 15:32:52 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008/12/18 14:19:44 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2005/04/08 08:39:26 | 00,360,448 | ---- | M] (acer Inc.) -- C:\Program Files\acer\eRecovery\Monitor.exe
PRC - [2009/08/07 14:45:41 | 00,010,752 | ---- | M] () -- C:\WINDOWS\TEMP\prpqfuxxtv.exe
PRC - [2009/08/07 14:45:54 | 00,398,848 | ---- | M] () -- C:\WINDOWS\Temp\_ex-68.exe
PRC - [2009/08/07 14:46:15 | 00,715,840 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\13694064\13694064.exe
PRC - [2009/08/07 14:23:32 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\grosmougin daniel\Bureau\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/07/21 15:12:57 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/07/21 15:12:57 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/25 23:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/02/25 16:15:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - File not found -- -- (Boonty Games [On_Demand | Stopped])
SRV - [2006/11/22 15:05:02 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/01/04 03:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 04:33:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/08/07 11:46:07 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/05/14 21:45:04 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2009/07/22 15:25:01 | 00,059,904 | RHS- | M] () -- C:\WINDOWS\System32\12520850l.exe -- (SysmonLogxmlprov [Auto | Stopped])
SRV - [2006/11/03 10:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2008/12/29 19:32:16 | 00,082,380 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
DRV - [2004/06/29 09:07:18 | 01,268,204 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2009/02/26 00:58:57 | 03,565,568 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/02/13 12:34:33 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/03/24 16:07:58 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/03/30 10:32:47 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2008/02/27 14:49:00 | 00,003,840 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt [System | Running])
DRV - [2006/11/22 15:05:02 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS -- (CdaC15BA [Auto | Running])
DRV - [2005/02/14 02:00:00 | 00,007,168 | ---- | M] () -- C:\Program Files\K!TV\Plugins\S_Bt8x8\DSDrv4.sys -- (DSDrv4 [On_Demand | Stopped])
DRV - [2003/05/14 21:19:52 | 00,051,056 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2003/05/14 21:19:54 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2003/05/14 21:17:54 | 00,021,488 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2005/01/13 14:46:16 | 00,069,632 | ---- | M] () -- C:\Program Files\acer\eRecovery\int15.sys -- (int15.sys [On_Demand | Running])
DRV - [2005/12/25 17:55:02 | 00,162,432 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\ithsgt.sys -- (ithsgt [Auto | Running])
DRV - [2005/12/25 17:55:02 | 00,012,032 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lilsgt.sys -- (lilsgt [Auto | Running])
DRV - [2001/08/17 21:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2008/04/13 20:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\MPE.sys -- (MPE [On_Demand | Stopped])
DRV - [2006/12/18 18:50:21 | 00,021,120 | ---- | M] (NCH Swift Sound) -- C:\WINDOWS\System32\drivers\nchssvad.sys -- (NCHSSVAD [On_Demand | Stopped])
DRV - [2008/05/10 22:37:03 | 00,042,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF [On_Demand | Running])
DRV - [2005/06/09 05:12:44 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
DRV - [2005/02/11 04:11:02 | 00,089,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus [Boot | Running])
DRV - [2004/09/10 19:58:52 | 00,052,224 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvax.sys -- (nvax [On_Demand | Running])
DRV - [2005/02/11 04:11:32 | 00,016,640 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvcchflt.sys -- (nvcchflt [Boot | Running])
DRV - [2004/11/15 23:44:38 | 00,033,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2004/11/15 23:44:42 | 00,012,928 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2004/09/10 20:02:12 | 00,412,032 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvapu.sys -- (nvnforce [On_Demand | Running])
DRV - [2004/08/05 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/01/17 23:37:20 | 00,278,144 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\PTV339.SYS -- (PTV339 [On_Demand | Stopped])
DRV - [2008/11/20 21:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2009/08/05 16:06:28 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/08/05 16:06:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/08/05 16:06:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/11/13 12:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2009/07/21 15:12:57 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2001/08/23 18:20:50 | 00,006,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Stopped])
DRV - [2004/12/17 17:14:44 | 00,013,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper [System | Running])
DRV - [2004/10/18 12:25:04 | 00,208,851 | ---- | M] (Copyright @2000-2006 Leadtek Research Inc.) -- C:\WINDOWS\System32\drivers\wf88vcap.sys -- (WF23880 [Auto | Running])
DRV - [2004/10/18 12:25:06 | 00,010,324 | ---- | M] (Copyright @2000-2006 Leadtek Research Inc.) -- C:\WINDOWS\System32\drivers\WF88XBAR.sys -- (WF88XBAR [Auto | Running])
DRV - [2005/01/06 17:55:38 | 00,009,446 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS -- (WFIOCTL [On_Demand | Stopped])
DRV - [2004/10/18 12:25:04 | 00,034,789 | ---- | M] (Copyright @2000-2006 Leadtek Research Inc.) -- C:\WINDOWS\System32\drivers\WF88TUNE.sys -- (WFTUNE [Auto | Running])
DRV - [2004/09/02 23:18:22 | 00,379,456 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\WlanUIG.sys -- (WlanUIG [On_Demand | Running])
DRV - [2004/09/02 23:18:20 | 00,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1870323859-2635139054-2631270777-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1870323859-2635139054-2631270777-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1870323859-2635139054-2631270777-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-1870323859-2635139054-2631270777-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1870323859-2635139054-2631270777-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.avironbayonnaisrugby.fr/index.php
IE - URLSearchHook: {64F56FC1-1272-44CD-BA6E-39723696E350} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1870323859-2635139054-2631270777-1006\S-1-5-21-1870323859-2635139054-2631270777-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT890832&SearchSource=3&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.meteociel.fr/accueil/temperatures.php|http://france.meteofrance.com/france/accueil|http://www.lequipe.fr/home.html|http://bayonnais.fr/index.php|http://www.abrugby.fr/splash_screen/abonnement.aspx|http://www.athle.com/ffa.performance/|http://www.acrimed.org/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.3
FF - prefs.js..extensions.enabledItems: fr@dictionaries.addons.mozilla.org:2.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6
FF - prefs.js..extensions.enabledItems: {A4732521-77D9-447E-A557-B279AC923F06}:0.6.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.66
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q="

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/07 11:46:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/27 12:15:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/21 17:01:04 | 00,000,000 | ---D | M]

[2008/06/18 17:17:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grosmougin daniel\Application Data\mozilla\Extensions
[2008/06/18 17:17:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grosmougin daniel\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/07 14:42:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grosmougin daniel\Application Data\mozilla\Firefox\Profiles\5s8fr8a8.default\extensions
[2009/08/07 14:42:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grosmougin daniel\Application Data\mozilla\Firefox\Profiles\5s8fr8a8.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/08/07 14:42:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grosmougin daniel\Application Data\mozilla\Firefox\Profiles\5s8fr8a8.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009/07/03 22:55:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grosmougin daniel\Application Data\mozilla\Firefox\Profiles\5s8fr8a8.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
[2008/09/12 14:05:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grosmougin daniel\Application Data\mozilla\Firefox\Profiles\5s8fr8a8.default\extensions\{B5EDFBB0-9827-11DA-A72B-0800200C9A66}
[2009/08/07 14:42:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grosmougin daniel\Application Data\mozilla\Firefox\Profiles\5s8fr8a8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2007/08/06 12:36:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grosmougin daniel\Application Data\mozilla\Firefox\Profiles\5s8fr8a8.default\extensions\{d7391b81-3a63-4c1d-9b64-ec5b85adf42d}
[2009/07/03 22:57:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grosmougin daniel\Application Data\mozilla\Firefox\Profiles\5s8fr8a8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/05/24 23:41:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grosmougin daniel\Application Data\mozilla\Firefox\Profiles\5s8fr8a8.default\extensions\{eef03057-e4c4-4cbe-bdd3-9b21ce8e7ac2}
[2009/08/07 14:42:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\grosmougin daniel\Application Data\mozilla\Firefox\Profiles\5s8fr8a8.default\extensions\fr@dictionaries.addons.mozilla.org
[2008/11/23 19:36:23 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\grosmougin daniel\Application Data\Mozilla\FireFox\Profiles\5s8fr8a8.default\searchplugins\ask.xml
[2009/08/07 11:47:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/03 22:45:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/07 11:46:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/07/21 17:00:51 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/21 17:00:51 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/16 20:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/08/07 11:46:07 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/03 22:57:42 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2008/06/26 20:26:01 | 00,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npgcplug.dll
[2009/07/21 17:00:57 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2005/04/27 22:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2006/09/26 13:03:14 | 00,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2009/07/21 17:00:58 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2009/07/21 17:00:58 | 00,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/07/21 17:00:58 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/07/21 17:00:58 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/27 09:02:51 | 00,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2009/07/21 17:00:58 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/07/21 17:00:58 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (790 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - No CLSID value found.
O2 - BHO: (NTIECatcher Class) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll (Xi)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-1870323859-2635139054-2631270777-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1870323859-2635139054-2631270777-1006\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [13694064] C:\Documents and Settings\All Users\Application Data\13694064\13694064.exe ()
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EoEngine] File not found
O4 - HKLM..\Run: [eRecoveryService] C:\WINDOWS\System32\Check.exe (acer Inc.)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-68.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1870323859-2635139054-2631270777-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnceEx: [Flag] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunServices: [Microsoft Updates] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1870323859-2635139054-2631270777-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1870323859-2635139054-2631270777-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/ ... module.exe (CamfrogWEB Advanced Unicode Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} http://secure2.comned.com/signuptemplat ... -devel.cab (SecureLogin class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/09 05:13:04 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3f966cc2-df79-11d9-8efa-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3f966cc2-df79-11d9-8efa-806d6172696f}\Shell\AutoRun\command - "" = E:\MSWORKS\autorun.exe -- File not found
O33 - MountPoints2\{73ec8b7e-8db2-11db-8cd0-0003c97f17a3}\Shell\AutoRun\command - "" = setupSNK.exe
O33 - MountPoints2\{f337b4b0-3181-11de-90e0-0003c97f17a3}\Shell\AutoRun\command - "" = K:\start.exe -- File not found
O33 - MountPoints2\{f337b4b0-3181-11de-90e0-0003c97f17a3}\Shell\FramaKey\command - "" = K:\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/07 14:46:38 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/07 14:46:37 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/07 14:46:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/07 14:46:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\13694064
[2009/08/07 14:44:34 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\grosmougin daniel\Bureau\mbam-setup.exe
[2009/08/07 14:23:31 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\grosmougin daniel\Bureau\OTL.exe
[2009/08/07 12:10:59 | 00,001,584 | ---- | C] () -- C:\Documents and Settings\grosmougin daniel\Bureau\Defraggler.lnk
[2009/08/07 12:10:58 | 00,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2009/08/07 11:47:16 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Wise Installation Wizard
[2009/08/07 11:47:14 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/07 11:46:17 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/07 11:46:17 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/07 11:46:17 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/07 11:46:17 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/07 11:46:04 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/08/07 06:27:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grosmougin daniel\Application Data\vlc
[2009/08/06 11:14:12 | 00,000,000 | ---D | C] -- C:\Program Files\Seppia Interactive
[2009/07/27 16:29:54 | 00,000,000 | ---D | C] -- C:\Program Files\Mystery Masterpiece - The Moonstone
[2009/07/27 16:29:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\Art Detective
[2009/07/27 13:51:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/07/27 13:50:57 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/07/27 13:50:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grosmougin daniel\Application Data\SUPERAntiSpyware.com
[2009/07/27 11:52:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Pahelika - Secret Legends
[2009/07/27 11:52:55 | 00,000,000 | ---D | C] -- C:\Program Files\Pahelika - Secret Legends
[2009/07/22 16:35:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2009/07/22 16:35:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Farm Frenzy 3
[2009/07/22 16:35:00 | 00,000,000 | ---D | C] -- C:\Program Files\Farm Frenzy 3
[2009/07/22 15:25:04 | 00,006,636 | --S- | C] () -- C:\WINDOWS\System32\1231089608.dat
[2009/07/22 15:25:01 | 00,059,904 | RHS- | C] () -- C:\WINDOWS\System32\12520850l.exe
[2009/07/20 17:23:50 | 00,001,542 | ---- | C] () -- C:\Documents and Settings\grosmougin daniel\Bureau\K!TV.lnk
[2009/07/20 16:59:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\grosmougin daniel\Mes documents\Plugins
[2009/07/15 17:38:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2009/07/11 17:26:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2009/07/11 12:43:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\3rd Eye Solutions
[2009/07/09 15:26:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EscapeFromParadise2
[2009/07/09 14:55:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UClick
[2009/07/09 12:45:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nick Chase A Detective Story
[2008/11/13 17:27:35 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/06/26 10:52:41 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/26 10:52:41 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/04/05 15:44:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Pool.INI
[2007/05/25 22:06:47 | 00,001,725 | ---- | C] () -- C:\WINDOWS\carax95.ini
[2007/05/20 09:26:09 | 00,000,094 | -H-- | C] () -- C:\WINDOWS\System32\spv1_WCssg.ini
[2007/03/06 20:43:33 | 00,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2006/11/22 15:07:36 | 00,000,713 | ---- | C] () -- C:\WINDOWS\DigbysDonuts.ini
[2006/11/20 16:10:28 | 00,000,176 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/31 17:14:55 | 00,000,021 | ---- | C] () -- C:\WINDOWS\kit.ini
[2006/05/22 10:58:14 | 00,001,208 | ---- | C] () -- C:\WINDOWS\Radio_Fr.ini
[2006/04/26 22:04:34 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/04/26 22:04:26 | 00,278,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\PTV339.SYS
[2006/04/16 18:35:47 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/01/28 19:01:26 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006/01/28 19:01:26 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/01/11 18:17:40 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/12/25 17:55:02 | 00,162,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\ithsgt.sys
[2005/12/25 17:55:02 | 00,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\lilsgt.sys
[2005/11/07 13:42:16 | 00,005,632 | R--- | C] () -- C:\WINDOWS\System32\CNMVSya.DLL
[2005/10/18 17:54:14 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/01 15:16:56 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/10/01 15:16:56 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/09/22 17:52:11 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/09/21 15:25:35 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/21 14:21:35 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005/09/20 21:31:26 | 00,000,067 | ---- | C] () -- C:\WINDOWS\StationRipper.INI
[2005/09/20 21:03:28 | 00,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/20 18:13:33 | 00,091,680 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2005/09/20 16:04:37 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2005/06/17 23:51:52 | 00,000,083 | ---- | C] () -- C:\WINDOWS\ALAUNCH.INI
[2005/06/17 23:51:48 | 00,000,464 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2005/06/10 04:50:11 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/09 05:13:45 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/06/09 05:12:46 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/06/09 05:12:46 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/06/09 05:12:46 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/06/09 05:12:46 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/06/09 05:06:23 | 00,008,073 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/06/09 05:01:20 | 00,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/12/17 17:14:44 | 00,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2001/12/26 16:12:30 | 00,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1980/01/01 00:00:00 | 00,000,976 | ---- | C] () -- C:\WINDOWS\win.ini
[1980/01/01 00:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[2009/08/07 14:44:50 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\grosmougin daniel\Bureau\mbam-setup.exe
[2009/08/07 14:41:22 | 00,000,464 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2009/08/07 14:41:11 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/07 14:40:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/07 14:40:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/07 14:40:35 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/07 14:23:32 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\grosmougin daniel\Bureau\OTL.exe
[2009/08/07 12:10:59 | 00,001,584 | ---- | M] () -- C:\Documents and Settings\grosmougin daniel\Bureau\Defraggler.lnk
[2009/08/07 11:50:01 | 00,000,364 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2009/08/07 11:46:06 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/07 11:46:06 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/07 11:46:06 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/07 11:46:06 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/07 11:46:06 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/07 11:35:52 | 00,006,636 | --S- | M] () -- C:\WINDOWS\System32\1231089608.dat
[2009/08/07 10:04:32 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/07 06:26:39 | 00,072,704 | ---- | M] () -- C:\Documents and Settings\grosmougin daniel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/05 10:56:34 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/22 15:25:01 | 00,059,904 | RHS- | M] () -- C:\WINDOWS\System32\12520850l.exe
[2009/07/21 15:12:57 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/07/20 17:23:50 | 00,001,542 | ---- | M] () -- C:\Documents and Settings\grosmougin daniel\Bureau\K!TV.lnk
[2009/07/19 15:29:21 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 15:29:21 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/19 15:29:19 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 15:29:19 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/11 17:26:25 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Game.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8643C5BE
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C282BEA
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19C3BC3A
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BFC41B39
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DEE6B65
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:466F9D5D
@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED2998F5
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33EA030E
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DD87D86
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A7901A9
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F02F4882
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F64FC07C
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B52F176
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B419A171
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C491D31
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2C80DE4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8CD2C07
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0F20871
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:517B507A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4E5024A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B885D7E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9DF07E8F
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CACEF61
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40D8F125
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31080D0E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA42DF8E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8402E62C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55BB2521
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B61DB9F
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ABE30DDB
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEB5C6E8
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93C494CA
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C030A75
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2ABEB9EB
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DF68137
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D24FC46
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7AD9690
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:615435BE
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0021708
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8944C195
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C60A173
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1F04E8D
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A58B27C9
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0FEE87
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D21BAD68
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C12E68D
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F0007D6
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:957E9765
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:797D7632
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12D2EB9C
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1316EAD4
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1361E51
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA05E0C4
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A15F65E0
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C2E33402
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A1A3CC5
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AE68282
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50631D57
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD953D0B
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:020ACF72
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A8247A9
<End>
bayonnais

Posts: 54
Joined: 31 Mar 2005, 03:04

Post by bayonnais » 07 Aug 2009, 14:21

Extras report:

OTL Extras logfile created on: 07/08/2009 15:03:47 - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\grosmougin daniel\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1023,48 Mb Total Physical Memory | 562,96 Mb Available Physical Memory | 55,00% Memory free
2,40 Gb Paging File | 1,94 Gb Available in Paging File | 80,89% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 91,47 Gb Total Space | 44,86 Gb Free Space | 49,04% Space Free | Partition Type: NTFS
Drive D: | 91,89 Gb Total Space | 91,84 Gb Free Space | 99,95% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIDART
Current User Name: grosmougin daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VLS\vls.exe" = C:\Program Files\VLS\vls.exe:*:Enabled:vls -- ()
"C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" = C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite -- File not found
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- File not found
"C:\Program Files\Ratajik Software\StationRipper\StationRipperConsole.exe" = C:\Program Files\Ratajik Software\StationRipper\StationRipperConsole.exe:*:Enabled:StationRipperConsole -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MaxTV\maxtv.exe" = C:\Program Files\MaxTV\maxtv.exe:*:Enabled:MaxTV Online -- File not found
"C:\Documents and Settings\grosmougin daniel\Mes documents\logiciels\jeux\racer053b4\racer053b4\racer.exe" = C:\Documents and Settings\grosmougin daniel\Mes documents\logiciels\jeux\racer053b4\racer053b4\racer.exe:*:Enabled:racer -- File not found
"C:\Program Files\Last.fm\LastFM.exe" = C:\Program Files\Last.fm\LastFM.exe:*:Enabled:LastFM -- File not found
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\Documents and Settings\All Users\Documents\jeux partagés\AnGo´s Game Collection\Assimilation\server.exe" = C:\Documents and Settings\All Users\Documents\jeux partagés\AnGo´s Game Collection\Assimilation\server.exe:*:Enabled:server -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- File not found
"C:\Program Files\Kazaa Lite K++\KLConfigWizard.exe" = C:\Program Files\Kazaa Lite K++\KLConfigWizard.exe:*:Enabled:User Configuration Wizard -- File not found
"C:\Documents and Settings\grosmougin daniel\Mes documents\logiciels\wn111_setup_2_1_ww\wn111_setup_2_1_ww.exe" = C:\Documents and Settings\grosmougin daniel\Mes documents\logiciels\wn111_setup_2_1_ww\wn111_setup_2_1_ww.exe:*:Enabled:wn111_setup_2_1_ww -- (NETGEAR )
"\" = C:\WINDOWS\system\svchost.exe:*:Enabled:KL -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0E691604-B328-4B4A-8F17-C9D6395075C5}" = Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
"{517B8FB2-26EE-43B0-AE1B-07408860AA69}" = DigitImg
"{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
"{58F8C6D9-5B55-486A-A322-4E8D87670031}" = Pilotes Canon MP
"{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcuts
"{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
"{6FA269F8-38CB-4DF7-AA0D-36E3CE789485}" = HP Software Update
"{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
"{8D2C1E44-7685-4D05-8342-B0DC6422FA47}" = Ulead Straight-to-Disc SDK
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A059DE09-1B49-4450-B340-7AE097EC3F04}" = Microsoft Works
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{AD8C0C77-7BBF-4CE7-89B7-DB95AFBE2708}" = ADS Tech MediaTV
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = Disque de souvenirs HP
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BE4AA694-815A-4045-BD49-C94F2BED7458}" = WinFast Entertainment Center(WDM Driver)
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
"{C882DE6B-1482-42D6-A7C2-A9F946EDBAF6}" = WinFast PVR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4E99017-45CF-4C3D-AB02-4205939D604D}" = VLS
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{DE4997B5-55AD-4878-97A7-C9FA84FE23C7}" = PSUsage
"{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
"{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
"{F8282D32-0924-47CB-B6E8-001B3C5716A0}" = PS7200
"2004 Mahjongg Lite" = 2004 Mahjongg Lite 3.0
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adventure Inlay" = GameHouse Games Collection: Adventure Inlay
"Adventure Inlay - Safari Edition" = GameHouse Games Collection: Adventure Inlay - Safari Edition
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Air Strike 2_is1" = Air Strike 2
"Air Strike 3D" = GameHouse Games Collection: Air Strike 3D
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"Aloha Solitaire" = GameHouse Games Collection: Aloha Solitaire
"Ango´s Game Collection" = Ango´s Game Collection
"Ask Toolbar_is1" = Foxit Toolbar
"ATI Display Driver" = ATI Display Driver
"Atlantis" = GameHouse Games Collection: Atlantis
"Atomaders" = GameHouse Games Collection: Atomaders
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"Bejeweled 2" = GameHouse Games Collection: Bejeweled 2
"Belarc Advisor" = Belarc Advisor 7.2
"Big Kahuna Reef" = GameHouse Games Collection: Big Kahuna Reef
"Boggle Supreme" = GameHouse Games Collection: Boggle Supreme
"Casino Island To Go" = GameHouse Games Collection: Casino Island To Go
"CCleaner" = CCleaner (remove only)
"CdaC13Ba" = SafeCast Shared Components
"CFWebAdvancedU" = CamfrogWEB Advanced ActiveX Plugin (remove only)
"Chainz 2: Relinked" = GameHouse Games Collection: Chainz 2 - Relinked
"Charm Solitaire" = GameHouse Games Collection: Charm Solitaire
"Charm Tale" = GameHouse Games Collection: Charm Tale
"Chuzzle Deluxe" = GameHouse Games Collection: Chuzzle Deluxe
"Collapse! Crunch" = GameHouse Games Collection: Collapse! Crunch
"Combo Chaos!" = GameHouse Games Collection: Combo Chaos!
"Crystal Path" = GameHouse Games Collection: Crystal Path
"Cubis Gold 2" = GameHouse Games Collection: Cubis Gold 2
"Defraggler" = Defraggler (remove only)
"Digby's Donuts" = GameHouse Games Collection: Digby's Donuts
"EVEREST Home Edition_is1" = EVEREST Home Edition v1.51
"Farm Frenzy 31.0.0.5" = Farm Frenzy 3
"filehippo.com" = filehippo.com Update Checker
"Flying Leo" = GameHouse Games Collection: Flying Leo
"Foxit Reader" = Foxit Reader
"GameHouse Sudoku" = GameHouse Games Collection: GameHouse Sudoku
"GNU Backgammon for Windows_is1" = GNU Backgammon 0.14.3-devel
"Granny in Paradise" = GameHouse Games Collection: Granny in Paradise
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Hello!" = GameHouse Games Collection: Hello!
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"i-minitel ADSL" = i-minitel ADSL
"Incadia" = GameHouse Games Collection: Incadia
"Incredible Ink" = GameHouse Games Collection: Incredible Ink
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"Jewel Quest" = GameHouse Games Collection: Jewel Quest
"K!TV" = K!TV
"Luxor" = GameHouse Games Collection: Luxor
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Magic Vines" = GameHouse Games Collection: Magic Vines
"Mah Jong Adventures" = GameHouse Games Collection: Mah Jong Adventures
"Mah Jong Medley" = GameHouse Games Collection: Mah Jong Medley
"Mah Jong Quest" = GameHouse Games Collection: Mah Jong Quest
"Mahjong Garden To Go" = GameHouse Games Collection: Mahjong Garden To Go
"Mahjong Towers Eternity" = GameHouse Games Collection: Mahjong Towers Eternity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maui Wowee" = GameHouse Games Collection: Maui Wowee
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mystery Masterpiece - The Moonstone 1.00" = Mystery Masterpiece - The Moonstone 1.00
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Phlinx To Go" = GameHouse Games Collection: Phlinx To Go
"Picasa 3" = Picasa 3
"Pin High Country Club Golf" = GameHouse Games Collection: Pin High Country Club Golf
"Pizza Frenzy" = GameHouse Games Collection: Pizza Frenzy
"Platypus" = GameHouse Games Collection: Platypus
"Poker Superstars" = GameHouse Games Collection: Poker Superstars
"PROPLUS" = Microsoft Office Professional Plus 2007
"Puzzle Express" = GameHouse Games Collection: Puzzle Express
"Puzzle Inlay" = GameHouse Games Collection: Puzzle Inlay
"Puzzle Solitaire" = GameHouse Games Collection: Puzzle Solitaire
"QBz" = GameHouse Games Collection: QBz
"RealArcade 1.2" = RealArcade
"Revo Uninstaller" = Revo Uninstaller 1.83
"Ricochet" = GameHouse Games Collection: Ricochet
"Ricochet Lost Worlds" = GameHouse Games Collection: Ricochet Lost Worlds
"Ricochet Lost Worlds: Recharged" = GameHouse Games Collection: Ricochet Lost Worlds - Recharged
"Saints & Sinners Bingo" = GameHouse Games Collection: Saints & Sinners Bingo
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"Shape Shifter" = GameHouse Games Collection: Shape Shifter
"Slingo Deluxe" = GameHouse Games Collection: Slingo Deluxe
"Splash" = GameHouse Games Collection: Splash
"Super Blackjack!" = GameHouse Games Collection: Super Blackjack!
"Super GameHouse Solitaire Vol. 2" = GameHouse Games Collection: Super GameHouse Solitaire Vol. 2
"Super GameHouse Solitaire Vol. 3" = GameHouse Games Collection: Super GameHouse Solitaire Vol. 3
"Super Glinx!" = GameHouse Games Collection: Super Glinx!
"Super Mah Jong Solitaire" = GameHouse Games Collection: Super Mah Jong Solitaire
"Super PileUp!" = GameHouse Games Collection: Super PileUp!
"Super Pop & Drop!" = GameHouse Games Collection: Super Pop & Drop!
"The Lost Inca Prophecy ." = The Lost Inca Prophecy .
"Tumblebugs" = GameHouse Games Collection: Tumblebugs
"Turtle Bay" = GameHouse Games Collection: Turtle Bay
"VLC media player" = VLC media player 0.9.9
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zuma Deluxe" = GameHouse Games Collection: Zuma Deluxe

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/07/2009 06:23:10 | Computer Name = BIDART | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16850, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 27/07/2009 07:40:52 | Computer Name = BIDART | Source = Application Hang | ID = 1002
Description = Application bloquée mbam.exe, version 1.38.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 27/07/2009 07:43:42 | Computer Name = BIDART | Source = Application Hang | ID = 1002
Description = Application bloquée mbam.exe, version 1.39.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 27/07/2009 08:53:04 | Computer Name = BIDART | Source = Application Hang | ID = 1002
Description = Application bloquée SUPERAntiSpyware.exe, version 4.26.0.1006, module
bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 27/07/2009 10:55:33 | Computer Name = BIDART | Source = Application Error | ID = 1000
Description = Application défaillante nanny2.exe, version 11.0.0.426, module défaillant
nanny2.exe, version 11.0.0.426, adresse de défaillance 0x00055c1a.

Error - 27/07/2009 10:55:41 | Computer Name = BIDART | Source = Application Error | ID = 1000
Description = Application défaillante nanny2.exe, version 11.0.0.426, module défaillant
nanny2.exe, version 11.0.0.426, adresse de défaillance 0x00055c1a.

Error - 27/07/2009 10:56:17 | Computer Name = BIDART | Source = Application Error | ID = 1000
Description = Application défaillante nanny2.exe, version 11.0.0.426, module défaillant
nanny2.exe, version 11.0.0.426, adresse de défaillance 0x00055c1a.

Error - 27/07/2009 10:56:35 | Computer Name = BIDART | Source = Application Error | ID = 1000
Description = Application défaillante nanny2.exe, version 11.0.0.426, module défaillant
nanny2.exe, version 11.0.0.426, adresse de défaillance 0x00055c1a.

Error - 07/08/2009 00:10:01 | Computer Name = BIDART | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 07/08/2009 00:40:59 | Computer Name = BIDART | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16876, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 27/07/2009 05:13:12 | Computer Name = BIDART | Source = sr | ID = 1
Description = Le filtre de restauration du système à rencontré l'erreur inattendue
'0xC0000001' pendant le traitement du fichier '' sur le volume 'HarddiskVolume1'.
Ceci a entraîné l'arrêt de la surveillance du volume.

Error - 27/07/2009 05:51:55 | Computer Name = BIDART | Source = sr | ID = 1
Description = Le filtre de restauration du système à rencontré l'erreur inattendue
'0xC0000001' pendant le traitement du fichier '' sur le volume 'HarddiskVolume3'.
Ceci a entraîné l'arrêt de la surveillance du volume.

Error - 27/07/2009 06:18:35 | Computer Name = BIDART | Source = sr | ID = 1
Description = Le filtre de restauration du système à rencontré l'erreur inattendue
'0xC0000001' pendant le traitement du fichier '' sur le volume 'HarddiskVolume1'.
Ceci a entraîné l'arrêt de la surveillance du volume.

Error - 27/07/2009 06:27:26 | Computer Name = BIDART | Source = sr | ID = 1
Description = Le filtre de restauration du système à rencontré l'erreur inattendue
'0xC0000001' pendant le traitement du fichier '' sur le volume 'HarddiskVolume1'.
Ceci a entraîné l'arrêt de la surveillance du volume.

Error - 27/07/2009 06:34:51 | Computer Name = BIDART | Source = sr | ID = 1
Description = Le filtre de restauration du système à rencontré l'erreur inattendue
'0xC0000001' pendant le traitement du fichier '' sur le volume 'HarddiskVolume3'.
Ceci a entraîné l'arrêt de la surveillance du volume.

Error - 27/07/2009 06:36:02 | Computer Name = BIDART | Source = DCOM | ID = 10010
Description = Le serveur {66B093B7-B5E3-4CFE-B32B-FEB55F172481} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 27/07/2009 07:19:35 | Computer Name = BIDART | Source = sr | ID = 1
Description = Le filtre de restauration du système à rencontré l'erreur inattendue
'0xC0000001' pendant le traitement du fichier '' sur le volume 'HarddiskVolume1'.
Ceci a entraîné l'arrêt de la surveillance du volume.

Error - 27/07/2009 07:38:16 | Computer Name = BIDART | Source = sr | ID = 1
Description = Le filtre de restauration du système à rencontré l'erreur inattendue
'0xC0000001' pendant le traitement du fichier '' sur le volume 'HarddiskVolume1'.
Ceci a entraîné l'arrêt de la surveillance du volume.

Error - 27/07/2009 07:45:03 | Computer Name = BIDART | Source = DCOM | ID = 10010
Description = Le serveur {66B093B7-B5E3-4CFE-B32B-FEB55F172481} ne s'est pas enregistré
sur DCOM avant la fin du temps imparti.

Error - 27/07/2009 07:48:23 | Computer Name = BIDART | Source = sr | ID = 1
Description = Le filtre de restauration du système à rencontré l'erreur inattendue
'0xC0000001' pendant le traitement du fichier '' sur le volume 'HarddiskVolume1'.
Ceci a entraîné l'arrêt de la surveillance du volume.


<End>
bayonnais
 
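The "Last 10 Event Log Errors" block of the log above is what a helper reads first: the System Restore filter giving up on the monitored volumes (source sr, ID 1, status 0xC0000001, repeated on HarddiskVolume1 and HarddiskVolume3) and the same application crashing several times in a row (nanny2.exe). As an added example, not code from this thread, from OTL or from any tool the moderator names, here is a small Python parser for that block that groups the entries per source and event ID and pulls out those two patterns. The sample input is a constructed excerpt modelled on the entries quoted above (French XP, so the Description text is French; the headers, status code and volume names are not localised).

```python
# Added example: parse the "Last 10 Event Log Errors" block of an OTL-style log.
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample modelled on the entries quoted above (French XP, so the
# Description text is French; headers and status codes are not localised).
SAMPLE_LOG = """\
[ Application Events ]
Error - 27/07/2009 06:23:10 | Computer Name = BIDART | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 7.0.6000.16850, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 27/07/2009 10:55:33 | Computer Name = BIDART | Source = Application Error | ID = 1000
Description = Application défaillante nanny2.exe, version 11.0.0.426, module défaillant
nanny2.exe, version 11.0.0.426, adresse de défaillance 0x00055c1a.

Error - 27/07/2009 10:55:41 | Computer Name = BIDART | Source = Application Error | ID = 1000
Description = Application défaillante nanny2.exe, version 11.0.0.426, module défaillant
nanny2.exe, version 11.0.0.426, adresse de défaillance 0x00055c1a.

[ System Events ]
Error - 27/07/2009 05:13:12 | Computer Name = BIDART | Source = sr | ID = 1
Description = Le filtre de restauration du système à rencontré l'erreur inattendue
'0xC0000001' pendant le traitement du fichier '' sur le volume 'HarddiskVolume1'.
Ceci a entraîné l'arrêt de la surveillance du volume.

Error - 27/07/2009 05:51:55 | Computer Name = BIDART | Source = sr | ID = 1
Description = Le filtre de restauration du système à rencontré l'erreur inattendue
'0xC0000001' pendant le traitement du fichier '' sur le volume 'HarddiskVolume3'.
Ceci a entraîné l'arrêt de la surveillance du volume.
"""

SECTION_RE = re.compile(r"^\[ (.+?) \]$")
HEADER_RE = re.compile(r"^Error - (\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \| Computer Name = (\S+)"
                       r" \| Source = (.+?) \| ID = (\d+)$")
VOLUME_RE = re.compile(r"'(HarddiskVolume\d+)'")   # quoted volume id, locale-independent
EXE_RE = re.compile(r"(\S+\.exe)", re.IGNORECASE)  # first executable named in a Description

@dataclass
class EventError:
    section: str      # "Application Events" or "System Events"
    timestamp: str    # kept exactly as the log writes it (DD/MM/YYYY HH:MM:SS)
    computer: str
    source: str
    event_id: int
    description: str  # continuation lines joined into one string

def parse_event_errors(text):
    """Return the entries in file order; a Description runs until the next blank line."""
    events, section, lines, i = [], "Unknown", text.splitlines(), 0
    while i < len(lines):
        line = lines[i].strip()
        sec = SECTION_RE.match(line)
        if sec:
            section, i = sec.group(1), i + 1
            continue
        hdr = HEADER_RE.match(line)
        if not hdr:
            i += 1
            continue
        i += 1
        parts = []
        while i < len(lines) and lines[i].strip():
            parts.append(lines[i].strip())
            i += 1
        desc = " ".join(parts)
        if desc.startswith("Description = "):
            desc = desc[len("Description = "):]
        events.append(EventError(section, hdr.group(1), hdr.group(2), hdr.group(3),
                                 int(hdr.group(4)), desc))
    return events

def summarize(events):
    """Count errors per (section, source, event id) so repeats stand out."""
    return Counter((e.section, e.source, e.event_id) for e in events)

def restore_filter_failures(events):
    """System Restore filter (source sr, ID 1) stopping on a volume after status
    0xC0000001: returns (timestamp, volume) pairs in log order."""
    hits = []
    for e in events:
        if e.source == "sr" and e.event_id == 1 and "0xC0000001" in e.description:
            m = VOLUME_RE.search(e.description)
            hits.append((e.timestamp, m.group(1) if m else "?"))
    return hits

def crashing_programs(events):
    """Hangs (ID 1002) and crashes (ID 1000) per executable; the first *.exe token
    of the Description is the hung or faulting application."""
    counts = Counter()
    for e in events:
        if e.source in ("Application Hang", "Application Error"):
            m = EXE_RE.search(e.description)
            if m:
                counts[m.group(1).lower()] += 1
    return counts
```

Call `parse_event_errors()` on the text of a real log's error block and hand the result to the three helpers; on the sample it reports two sr/ID 1 entries (HarddiskVolume1 and HarddiskVolume3), two nanny2.exe crashes and one iexplore.exe hang. The volume is matched by its quoted identifier rather than by the surrounding sentence, so the same code works on a log from an English or a French Windows.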

Post by nickW » 08 Aug 2009, 00:42

Good evening,


Could you run another scan:

Note: These steps must be carried out while logged in to a session with "Administrator rights" (do not use the user profile named "Administrateur" that is visible in Safe Mode).
Under Windows XP, to check whether an account has "Administrator" rights:
Start ----> Settings ----> Control Panel ----> User Accounts
Next to the icon of certain accounts (other than the one named "Administrateur"), it says "Computer administrator"
One of these accounts is the one to use.



Step 1: RootRepeal (by AD)
Download RootRepeal by right-clicking one of the links below:
http://ad13.geekstogo.com/RootRepeal.zip
http://rootrepeal.googlepages.com/RootRepeal.zip
http://rootrepeal.psikotick.com/RootRepeal.zip
Save the file to the Desktop.
Create a new folder named RootRepeal at the root of the system drive (usually C:\)

Extract the downloaded archive into this new RootRepeal folder


Step 2: No real-time monitoring process
Disable the antivirus's resident module.
Avira AntiVir: right-click the icon in the system tray (next to the clock) and untick "Activer Antivir Guard/AntiVir Guard enable"


Step 3: RootRepeal (by AD)
In Explorer, open the RootRepeal folder
Double-click RootRepeal.exe to launch the tool.

Click the Report tab (at the bottom of the window)
Click the Scan button
In the new Select Scan window, tick:
+ Drivers
+ Files
+ Processes
+ SSDT
+ Stealth Objects
+ Hidden Services
+ Shadow SSDT

Click the OK button
In the new Select Drives window, tick drive C:\
Click the OK button to start the scan

Note: This scan takes a while. DO NOT LAUNCH any other programs while it is running.

When the scan is finished, the Save Report button becomes available
Click this Save Report button and save the report file in the RootRepeal folder under the name RootRepeal-090807.txt

Open the File menu and click Exit to close the program.


Step 4: Real-time monitoring process
Important: Re-enable the antivirus's resident module.


Step 5: Results
Send in reply:
*- the RootRepeal report (contents of the file RootRepeal-090807.txt)
This report can be very long. Make sure it is complete in the message you send. If necessary, split it across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
My configs

Post by bayonnais » 08 Aug 2009, 08:14

Thank you for your help,

I followed your instructions to the letter; no problems until the double-click on the application, where a window appeared with the following message:
"ERROR. invalid PE image found"
After clicking the last "OK", the mouse freezes and the only way out is to reboot.

A third attempt is in progress: mouse frozen, screen frozen, everything frozen; in short, I'm waiting...
bayonnais
 

Post by bayonnais » 08 Aug 2009, 08:31

Well, the third attempt ended with the computer shutting down after about 30 minutes.

A bit disheartened
bayonnais
 

Post by nickW » 09 Aug 2009, 00:24

Good evening,


Let's try two other tools:

Note: These steps must be carried out while logged in to a session with "Administrator rights" (do not use the user profile named "Administrateur" that is visible in Safe Mode).


Step 1: Gmer
Download the executable program (.exe file) from the page http://www.gmer.net/files.php
Click the Download EXE button.
Save the file at the root of the system drive (usually C: ), noting its name (which is random).


Step 2: SysProt AntiRootkit (by swatkat)
Download SysProt AntiRootkit from the page below:
http://sites.google.com/site/sysprotantirootkit/
Look at the very bottom, in the Attachments paragraph, and save the file SysProt.zip to the Desktop.

Extract (right-click, Extract All) the SysProt.zip archive to the root of the system drive (usually C:\)


Step 3: No real-time monitoring process
Disable the antivirus's resident module.
Avira AntiVir: right-click the icon in the system tray (next to the clock) and untick "Activer Antivir Guard/AntiVir Guard enable"


Step 4: Gmer
Close absolutely all applications, connections and browsers.

Double-click the randomly named file downloaded earlier.

Wait a few moments for it to load and for the first checks to run.

Check that all the boxes in the right-hand column are ticked except
Sections
AT/EAT
drives other than C:\
"Show all"
like this:
[screenshot]

then click the Scan button.

Wait without doing anything else (... it takes a long time...).
The registry keys & files being scanned are shown at the bottom of the window.

When the tool has finished (nothing scrolls at the bottom of the window any more), click the Save .... button

A Notepad window will open containing the report file.
Note: In Notepad, check in the Format menu that the "Word Wrap" option is not ticked.
Save this file to the Desktop under the name gmer-090808.txt.
Close the Gmer window (click OK).



Step 5: SysProt AntiRootkit (by swatkat)
In Explorer, open the SysProt folder
Double-click SysProt.exe to launch the tool.

Click the Log tab, like this:
[screenshot]

Tick all the boxes (including the one in front of Hidden Objects Only), then click the Create Log button, like this:
[screenshot]

The scan preparation begins, then a new window opens.
Select the Scan root drive only radio button, then click Start, like this:
[screenshot]

When the scan is finished, a small window announces the creation of the report file and shows its location, like this:
[screenshot]

Click OK.
Close SysProt AntiRootkit.


Step 6: Real-time monitoring process
Important: Re-enable the antivirus's resident module.


Step 7: Results
Send in reply:
*- the Gmer report (contents of the file gmer-090808.txt).
*- the SysProt AntiRootkit report (contents of the file SysProtLog.txt located in the SysProt folder)
These reports can be very long. Make sure they are complete in the message you send. If necessary, split them across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
My configs

Post by bayonnais » 09 Aug 2009, 13:02

Thank you, but I reformatted my hard drive this morning; a radical but effective solution.

Thanks again and good luck
bayonnais
 

