Help with Zlob DNS changer

Post by latourelle » 19 Nov 2009, 01:20

Zlob is preventing me from updating certain programs such as Microsoft Update, Spybot, Ad-Aware...

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3181
Windows 5.1.2600 Service Pack 3

2009-11-19 14:04:53
mbam-log-2009-11-19 (14-04-42).txt

Type de recherche: Examen rapide
Eléments examinés: 112329
Temps écoulé: 8 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ccfc167d-052e-4085-b069-ac64f08e367d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ccfc167d-052e-4085-b069-ac64f08e367d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ccfc167d-052e-4085-b069-ac64f08e367d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 1.2.3.4 -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

OTL logfile created on: 2009-11-19 14:07:06 - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

1015,48 Mb Total Physical Memory | 528,29 Mb Available Physical Memory | 52,02% Memory free
2,01 Gb Paging File | 1,51 Gb Available in Paging File | 75,11% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 13,16 Gb Free Space | 35,33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PARENTS
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009-11-19 12:37:55 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
PRC - [2009-11-16 15:01:44 | 00,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2009-11-16 15:01:19 | 02,971,608 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2009-11-07 10:10:12 | 00,487,936 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009-10-01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009-07-26 20:04:23 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2009-07-21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-07-20 10:51:52 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009-07-02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009-07-02 13:34:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-05-13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008-04-13 18:34:04 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-04-19 12:35:46 | 00,075,304 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2006-11-03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005-04-01 20:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2003-06-19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002-09-20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2009-11-19 12:37:55 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
MOD - [2008-04-13 18:30:56 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2006-05-03 21:53:54 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2002-11-06 20:00:38 | 00,040,820 | ---- | M] (SoundMAX) -- C:\WINDOWS\system32\Syncor11.dll


========== Win32 Services (SafeList) ==========

SRV - [2009-11-16 15:01:44 | 00,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2009-11-07 10:10:12 | 00,487,936 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009-11-03 13:58:13 | 01,179,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009-10-01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009-07-26 20:04:23 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009-07-26 20:04:16 | 00,361,288 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009-07-21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-07-20 10:51:52 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009-07-15 04:48:20 | 00,029,000 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009-07-02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009-07-02 13:34:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-05-13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008-11-20 14:18:52 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008-07-29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008-07-29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008-07-29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008-07-25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-07-25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008-04-13 18:33:40 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007-05-11 11:10:00 | 00,132,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)
SRV - [2007-05-04 09:39:24 | 00,267,824 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007-04-19 12:35:46 | 00,075,304 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007-01-05 13:04:10 | 02,918,008 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006-11-03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006-10-26 12:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-10-18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2005-04-01 20:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2003-06-19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2002-09-20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)


========== Driver Services (SafeList) ==========

DRV - [2009-11-16 15:02:22 | 00,115,088 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2009-11-16 15:02:21 | 00,229,304 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2009-11-16 15:02:21 | 00,070,280 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2009-11-16 15:02:08 | 00,087,656 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2009-09-23 07:55:23 | 00,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009-08-14 11:44:18 | 00,032,552 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctNdis-DNS.sys -- (PCTFW-DNS)
DRV - [2009-07-29 08:54:42 | 00,046,592 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
DRV - [2009-07-28 15:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-07-20 13:10:12 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2009-06-18 18:48:04 | 00,142,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009-06-03 13:24:49 | 00,142,592 | ---- | M] () -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009-05-11 15:00:50 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-05-11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-03-30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-11-20 14:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008-07-25 01:18:32 | 00,176,640 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008-04-13 08:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-03-30 19:48:02 | 00,018,232 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2007-03-30 19:47:22 | 00,017,848 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy)
DRV - [2007-03-30 19:46:50 | 00,013,368 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\awechomd.sys -- (awecho)
DRV - [2007-03-30 19:44:22 | 00,020,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\GERNUWA.sys -- (Gernuwa)
DRV - [2006-01-05 09:32:33 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2005-09-20 11:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2003-05-27 17:05:42 | 00,578,304 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003-03-13 17:34:48 | 00,100,224 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1547161642-492894223-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.ca
IE - HKU\S-1-5-21-1547161642-492894223-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1547161642-492894223-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1547161642-492894223-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
IE - HKU\S-1-5-21-1547161642-492894223-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
IE - HKU\S-1-5-21-1547161642-492894223-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1547161642-492894223-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1547161642-492894223-1177238915-500\S-1-5-21-1547161642-492894223-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://google.ca"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2b}:1.1.11
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4


FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-07-02 13:34:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-11-03 15:19:00 | 00,000,000 | ---D | M]

[2009-05-11 12:29:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
[2009-05-11 12:29:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-10-30 07:01:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\lrffd0qt.default\extensions
[2009-08-19 11:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\lrffd0qt.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009-05-16 14:00:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\lrffd0qt.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2b}
[2009-05-11 16:51:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\lrffd0qt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-10-01 18:20:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\lrffd0qt.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009-08-26 06:44:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\lrffd0qt.default\extensions\optout@dubfire(2).net
[2009-10-30 07:01:19 | 00,001,342 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\lrffd0qt.default\searchplugins\crawlersrch.xml
[2009-05-11 15:02:58 | 00,002,399 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\lrffd0qt.default\searchplugins\daemon-search.xml
[2009-10-30 07:05:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-08-30 18:00:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009-07-02 13:35:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009-08-12 10:41:21 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2008-12-18 13:45:30 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
[2002-01-09 01:26:38 | 00,032,768 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2008-09-03 18:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009-07-02 13:34:45 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2003-07-15 05:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009-02-27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008-12-18 14:52:52 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008-12-18 14:53:46 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2008-12-18 14:52:10 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009-09-23 15:37:30 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

O1 HOSTS File: (351646 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 12054 more lines...
O2 - BHO: (no name) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - No CLSID value found.
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1547161642-492894223-1177238915-500\..\Toolbar\ShellBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-1547161642-492894223-1177238915-500\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-1547161642-492894223-1177238915-500\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1547161642-492894223-1177238915-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Poppy for Windows.lnk = C:\Program Files\Poppy\Poppy.exe ( Jan G.P. Sijm)
O4 - Startup: C:\Documents and Settings\Guy Plqnte\Menu Démarrer\Programmes\Démarrage\Poppy for Windows.lnk = C:\Program Files\Poppy\Poppy.exe ( Jan G.P. Sijm)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1547161642-492894223-1177238915-500\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1547161642-492894223-1177238915-500\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1547161642-492894223-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-492894223-1177238915-500_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1547161642-492894223-1177238915-500_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm File not found
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1547161642-492894223-1177238915-500\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 6676396781 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 7357971875 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.255.112.232 85.255.112.179 1.2.3.4
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-ir2007 {52BAEC6B-9405-46f9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-ir2008 {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - C:\Program Files\ImpotRapide 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-30 09:52:36 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (smrgdf) - File not found
O34 - HKLM BootExecute: (C:\Program) - File not found
O34 - HKLM BootExecute: (Files\iolo\System) - File not found
O34 - HKLM BootExecute: (Mechanic) - File not found
O34 - HKLM BootExecute: (Professional) - File not found
O34 - HKLM BootExecute: (6\) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-11-19 13:08:20 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Administrateur\Bureau\VundoFix.exe
[2009-11-19 12:53:37 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2009-11-18 18:48:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\WinRAR
[2009-11-17 12:10:43 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\Recent
[2009-11-17 12:01:11 | 00,000,000 | RH-D | C] -- C:\WINDOWS\System32\dllcache\agp440.sys
[2009-11-16 13:03:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\FTWeak
[2009-11-16 13:03:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FTWeak
[2009-11-16 13:03:27 | 00,000,000 | ---D | C] -- C:\Program Files\FCleaner
[2009-11-16 13:00:55 | 00,000,000 | ---D | C] -- C:\Program Files\Driver Sweeper
[2009-11-16 13:00:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\CapSystems
[2009-11-16 12:57:36 | 00,000,000 | ---D | C] -- C:\Program Files\CapSystems
[2009-11-16 12:53:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Smart PC Solutions
[2009-11-12 13:57:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2009-11-11 16:58:51 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009-11-11 16:58:51 | 00,018,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009-11-10 13:57:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Safer Networking
[2009-11-10 13:57:23 | 00,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2009-11-09 19:48:52 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\ODBC
[2009-11-03 15:27:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009-11-03 13:59:16 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009-11-03 13:34:31 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009-11-03 12:47:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009-10-29 19:29:08 | 02,146,304 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2009-10-28 17:30:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\PCHealth
[2009-10-28 14:50:00 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009-10-28 14:50:00 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009-10-28 14:49:59 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009-10-28 14:49:59 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009-10-28 14:49:54 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009-10-28 14:49:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009-10-28 13:07:08 | 00,116,736 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2009-10-28 13:06:12 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2009-10-28 13:06:07 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2009-10-28 13:05:12 | 00,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2009-10-28 13:04:14 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2009-10-28 13:02:46 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
[2009-10-28 13:02:44 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2009-10-28 13:01:41 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2009-10-28 13:01:40 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2009-10-28 13:01:38 | 00,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys
[2009-10-28 13:01:35 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2009-10-28 12:59:09 | 00,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2009-10-28 12:58:07 | 00,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2009-10-28 12:56:10 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2009-10-28 12:54:23 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2009-10-28 12:53:26 | 00,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2009-10-28 12:53:25 | 00,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2009-10-28 12:52:53 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2009-10-28 12:50:46 | 00,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2009-10-28 12:50:11 | 00,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2009-10-28 12:48:41 | 00,029,696 | ---- | C] (RICOH Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2009-10-28 12:48:39 | 00,028,160 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2009-10-28 12:48:02 | 00,079,360 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2009-10-28 12:46:30 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2009-10-28 12:46:09 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2009-10-28 12:45:43 | 00,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2009-10-28 12:45:37 | 00,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2009-10-28 12:44:43 | 00,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2009-10-28 12:44:41 | 00,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2009-10-28 12:44:40 | 00,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2009-10-28 12:44:39 | 00,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2009-10-28 12:42:14 | 00,061,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys
[2009-10-28 12:41:26 | 00,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2009-10-28 12:40:30 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2009-10-28 12:40:26 | 00,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2009-10-28 12:38:54 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2009-10-28 12:38:52 | 00,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2009-10-28 12:38:26 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2009-10-28 12:38:00 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2009-10-28 12:37:37 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2009-10-28 12:36:57 | 00,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2009-10-28 12:35:56 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2009-10-28 12:35:09 | 00,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2009-10-28 12:34:58 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2009-10-28 12:34:57 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2009-10-28 12:34:55 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2009-10-28 12:34:45 | 00,254,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2009-10-28 12:34:43 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2009-10-28 12:34:00 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2009-10-28 12:33:30 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2009-10-28 12:33:25 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2009-10-28 12:33:24 | 00,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2009-10-28 12:33:20 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2009-10-28 12:31:08 | 00,702,845 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2009-10-28 12:30:57 | 00,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2009-10-28 12:30:55 | 00,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2009-10-28 12:28:12 | 00,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2009-10-28 12:28:02 | 00,028,544 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2009-10-28 12:27:48 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2009-10-28 12:27:46 | 00,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2009-10-28 12:23:25 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2009-10-28 12:22:50 | 00,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2009-10-28 12:22:38 | 00,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2009-10-28 12:20:18 | 00,252,416 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2009-10-28 12:19:46 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2009-10-28 12:19:32 | 00,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2009-10-28 12:19:05 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2009-10-28 12:18:52 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2009-10-28 12:18:37 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2009-10-28 12:17:13 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2009-10-28 12:17:12 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2009-10-28 12:17:05 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2009-10-28 12:16:53 | 00,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2009-10-28 12:16:49 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2009-10-28 12:14:41 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2009-10-28 12:14:39 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2009-10-28 12:14:27 | 00,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2009-10-28 12:10:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
[2009-10-28 12:08:02 | 00,000,000 | ---D | C] -- C:\d36493a7c86af9ad64bd30bd
[2009-10-28 12:05:47 | 00,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2009-10-28 10:58:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009-10-28 10:58:40 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009-10-28 10:58:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009-10-28 10:58:25 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009-10-28 10:57:09 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009-10-28 10:57:09 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009-10-28 10:57:09 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009-10-28 10:57:09 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009-10-28 10:57:09 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009-10-28 10:57:09 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009-10-28 10:57:09 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009-10-28 10:57:08 | 00,000,000 | ---D | C] -- C:\36a3eaa9c10c757886d6bce38aa6e0
[2009-10-28 10:39:11 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009-10-27 17:29:58 | 00,000,000 | ---D | C] -- C:\Program Files\Navilog1
[2009-10-27 17:01:40 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009-10-27 15:45:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Downloaded Installations
[2009-10-27 11:47:52 | 00,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2009-10-26 13:35:38 | 00,016,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2009-10-25 09:25:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Mes documents\a-squared Free
[2009-10-24 11:25:04 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009-10-24 11:25:01 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009-10-23 16:15:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009-10-23 12:14:43 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2006-03-31 06:54:22 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2006-03-31 06:54:22 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2004-01-19 14:46:18 | 00,140,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\xmasbus.sys
[2004-01-19 14:46:18 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\xmasscsi.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009-11-19 14:12:07 | 00,001,182 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-492894223-1177238915-500UA.job
[2009-11-19 14:04:13 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1788223648-1606980848-1003.job
[2009-11-19 14:00:02 | 00,000,526 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2009-11-19 13:37:56 | 00,029,052 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\pad.rtf
[2009-11-19 13:37:43 | 00,005,370 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\procédure.rtf
[2009-11-19 13:10:20 | 01,872,472 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix.exe
[2009-11-19 13:08:46 | 00,228,109 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Navilog1.exe
[2009-11-19 13:08:26 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe
[2009-11-19 13:08:21 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrateur\Bureau\VundoFix.exe
[2009-11-19 12:53:10 | 01,317,376 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\BUDGET 2009.xls
[2009-11-19 12:37:55 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2009-11-19 12:34:00 | 00,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009-11-19 12:30:07 | 00,013,760 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-11-19 12:27:28 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009-11-19 12:22:30 | 00,000,330 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009-11-19 12:22:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-11-19 12:22:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-11-18 20:00:06 | 08,388,608 | ---- | M] () -- C:\Documents and Settings\Administrateur\ntuser.dat
[2009-11-18 20:00:06 | 00,000,284 | -HS- | M] () -- C:\Documents and Settings\Administrateur\ntuser.ini
[2009-11-18 18:48:49 | 00,001,769 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2009-11-18 18:23:17 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\zlob.rtf
[2009-11-18 18:13:31 | 00,002,952 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Document.rtf
[2009-11-18 18:12:02 | 00,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-492894223-1177238915-500Core.job
[2009-11-18 17:43:52 | 00,001,051 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009-11-17 14:39:56 | 08,388,608 | ---- | M] () -- C:\Documents and Settings\Administrateur\ntuser.dat.gbck
[2009-11-17 14:05:48 | 00,000,777 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-11-17 14:05:48 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-11-17 14:05:48 | 00,000,212 | -HS- | M] () -- C:\boot.ini
[2009-11-17 13:34:35 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009-11-16 15:02:22 | 00,115,088 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
[2009-11-16 15:02:21 | 00,229,304 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009-11-16 15:02:21 | 00,070,280 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
[2009-11-16 15:02:20 | 00,007,387 | ---- | M] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009-11-16 15:02:08 | 00,087,656 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009-11-16 15:02:08 | 00,007,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009-11-16 13:03:32 | 00,000,665 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\FCleaner.lnk
[2009-11-15 16:02:46 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2009-11-13 19:33:03 | 00,155,136 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\classeur Guy 2008.xls
[2009-11-13 19:28:44 | 00,065,712 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009-11-13 19:20:38 | 00,251,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-11-13 13:01:50 | 00,351,646 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009-11-10 15:43:49 | 00,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-11-10 12:48:30 | 00,000,710 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Glary Utilities.lnk
[2009-11-07 10:10:01 | 00,000,832 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Spyware Terminator.lnk
[2009-11-06 16:14:06 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-05 17:07:25 | 04,808,432 | -H-- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\IconCache.db
[2009-11-05 13:54:49 | 00,000,044 | ---- | M] () -- C:\WINDOWS\SMWizard.INI
[2009-11-05 12:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-11-04 19:06:56 | 00,062,976 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\code.doc
[2009-11-03 15:27:33 | 00,000,865 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Microsoft Security Essentials.lnk
[2009-11-03 13:59:09 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009-11-03 13:59:04 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009-11-03 13:28:31 | 00,000,914 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk
[2009-11-03 13:04:53 | 01,057,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-11-03 13:04:53 | 00,503,238 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009-11-03 13:04:53 | 00,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-11-03 13:04:53 | 00,081,386 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009-11-03 13:04:53 | 00,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-11-02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009-10-30 06:55:54 | 00,001,583 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\CCleaner.lnk
[2009-10-29 19:29:08 | 02,146,304 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2009-10-28 14:29:14 | 00,013,760 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2009-10-28 14:29:11 | 00,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2009-10-27 17:29:41 | 00,001,667 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Update Checker.lnk
[2009-10-26 16:02:57 | 00,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-10-26 15:40:14 | 00,001,706 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009-10-26 15:40:10 | 00,000,783 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091113-082241.backup
[2009-10-25 09:25:37 | 00,000,683 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\a-squared Free.lnk
[2009-10-24 09:57:27 | 00,000,998 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Spybot - Search & Destroy.lnk
[2009-10-22 04:17:28 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009-10-22 04:17:28 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009-11-19 13:37:56 | 00,029,052 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\pad.rtf
[2009-11-19 13:37:43 | 00,005,370 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\procédure.rtf
[2009-11-19 13:08:46 | 00,228,109 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Navilog1.exe
[2009-11-19 13:08:37 | 01,872,472 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix.exe
[2009-11-19 13:08:29 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe
[2009-11-18 18:48:49 | 00,001,769 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2009-11-18 18:23:17 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\zlob.rtf
[2009-11-18 18:13:31 | 00,002,952 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Document.rtf
[2009-11-16 15:02:20 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009-11-16 15:02:08 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009-11-16 13:03:32 | 00,000,665 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\FCleaner.lnk
[2009-11-15 16:02:46 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2009-11-10 12:48:30 | 00,000,710 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Glary Utilities.lnk
[2009-11-07 10:10:01 | 00,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Spyware Terminator.lnk
[2009-11-03 15:32:56 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009-11-03 15:27:33 | 00,000,865 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Microsoft Security Essentials.lnk
[2009-11-03 15:01:51 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009-11-03 13:40:04 | 00,000,998 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Spybot - Search & Destroy.lnk
[2009-11-03 13:38:35 | 00,000,492 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009-11-03 13:28:31 | 00,000,914 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk
[2009-10-30 06:55:54 | 00,001,583 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\CCleaner.lnk
[2009-10-28 14:29:15 | 00,013,760 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2009-10-28 13:07:01 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2009-10-28 12:46:03 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2009-10-28 12:45:56 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2009-10-28 12:38:01 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2009-10-28 12:06:36 | 00,000,330 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009-10-25 09:25:37 | 00,000,683 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\a-squared Free.lnk
[2009-09-01 11:24:38 | 00,064,260 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\prvlcl.dat
[2009-08-30 17:35:15 | 00,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2009-07-20 13:10:12 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\vaxscsi.sys
[2009-07-02 15:00:13 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\housecall.guid.cache
[2009-06-03 13:24:49 | 00,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009-05-18 11:46:11 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009-05-18 11:46:11 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009-05-11 15:00:48 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-05-11 08:37:08 | 00,034,304 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-05-06 17:36:37 | 00,065,712 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009-03-30 12:34:48 | 04,808,432 | -H-- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\IconCache.db
[2009-03-30 10:42:47 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009-03-30 09:59:07 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrateur\Application Data\desktop.ini
[2009-03-30 04:32:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009-01-13 14:40:11 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-12-31 10:41:29 | 00,004,892 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dyaniilw.kxq
[2008-12-15 11:36:45 | 00,000,052 | ---- | C] () -- C:\WINDOWS\HGSpeech.ini
[2008-12-13 11:41:05 | 00,000,077 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
[2008-10-02 12:49:20 | 00,000,394 | ---- | C] () -- C:\WINDOWS\capture.ini
[2007-10-09 16:16:25 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2007-07-15 21:44:32 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007-07-15 21:41:08 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007-06-11 07:51:12 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007-03-07 14:01:19 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\xpsacdma01.dll
[2007-03-03 10:01:42 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2007-03-03 10:01:42 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2007-01-25 11:31:36 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006-06-29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006-06-29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-05-17 17:32:22 | 00,000,891 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006-04-18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-04-18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-04-14 17:35:57 | 00,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006-03-20 07:14:32 | 00,001,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006-03-10 20:14:56 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2006-03-03 08:09:45 | 00,001,208 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2006-02-28 14:33:07 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006-02-28 14:33:07 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006-01
latourelle
Posts: 14
Joined: 19 Nov 2009, 01:17

Post by nickW » 19 Nov 2009, 18:20

Good evening,

I am not a robot.

Cheers,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)

nickW
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Sorry, let me try again.

Post by latourelle » 19 Nov 2009, 20:29

nickW wrote: Good evening,

I am not a robot.

Cheers,

latourelle
Posts: 14
Joined: 19 Nov 2009, 01:17

correction

Post by latourelle » 19 Nov 2009, 22:52

I have redone my homework. Could you see what is wrong? I have tried to remove the Zlob DNS changer several times, but it comes back after a few minutes.
Thanks

latourelle
Posts: 14
Joined: 19 Nov 2009, 01:17

Post by nickW » 20 Nov 2009, 01:14

Good evening,

Note: These steps must be carried out while logged in to a session with "Administrator rights" (do not use the user profile named "Administrateur" that is visible in Safe Mode).
Under Windows XP, to check whether an account has "Administrator" rights:
Démarrer ----> Paramètres ----> Panneau de configuration ----> Comptes d'utilisateurs (Start ----> Settings ----> Control Panel ----> User Accounts)
Next to the icon of certain accounts (other than the one named "Administrateur"), the text "Administrateur de l'ordinateur" (Computer administrator) is shown.
One of these accounts is the one to use.



I advise you to print the procedure, or to select all of its lines and copy the selection into a text file on your PC (Note: you will not have access to the Internet or to the browser, and reboots are possible).
All the steps must be carried out, without interruption, in the exact order given below.



Step 1: No real-time monitoring processes
Disable the antivirus resident module.
Avira Antivir: right-click the icon in the system tray (next to the clock), then untick "Activer Antivir Guard/AntiVir Guard enable"


Step 2: SmitFraudFix (by S!ri), option 5: Search for and remove DNS hijacking
Close all open program windows. Close all browsers (no Internet Explorer, Firefox, Opera, etc. open).
Double-click SmitfraudFix.exe to launch the tool.
Press any key after reading the warning message.
Once the menu is displayed, type 5 and press Enter to fix the DNS hijack.


Step 3: Malwarebytes' Anti-Malware, scan
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start menu.
In the "Paramètres" (Settings) tab, check that all boxes are ticked except "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)" (create a context-menu entry to scan files on right-click).
In the "Mise à jour" (Update) tab, click the "Recherche de mise à jour" (Check for updates) button and install all the updates found.
In the "Recherche" (Scanner) tab, select the radio button in front of "Exécuter un examen rapide" (Perform quick scan), then click the "Rechercher" (Scan) button.
Wait, without doing anything else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Afficher les résultats" (Show results) button.

Click the "Enregistrer le rapport" (Save report) button, confirm the save, then click the "Quitter" (Exit) button.


Step 4: Real-time monitoring processes
Important: Re-enable the antivirus resident module.


Step 5: OTL (by OldTimer), scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The main OTL screen is displayed.

If it is not already done, in the Extra Registry section, select the Use SafeList radio button.

Tick (at the top) the box in front of Scan All Users.

Then click the Run Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
The second report is visible in the taskbar. Close it as well.
Close the OTL window.


Step 6: Results
Send in reply:
*- the SmitFraudFix report, option 5 (contents of the file SystemDrive\rapport.txt).
[SystemDrive stands for the partition on which the system is installed, usually C:]
Important note:
If this SmitFraudFix report contains dozens of lines beginning with "127.0.0.1", do not send them all to the forum.
Send only the first 15 lines beginning with "127.0.0.1", along with the rest of the log.

*- the Malwarebytes' Anti-Malware log (contents of the file mbam-log-*-**-**** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<tonprofil>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs; <tonprofil> is your profile name, and *-**-**** (**-**-**) stands for the date [month-day-year] and the time [hh-mn-ss])
[SystemDrive stands for the partition on which the system is installed, usually C:]

Then send in reply, in two separate messages (because of the length of the logs):
*- the two OTL reports (contents of the files OTL.Txt and Extras.Txt located on the Desktop).
Reports sent to the forum must end with a line containing <End>. If they do not, they are incomplete and must then be split across several messages. <---- you did not check this previously, and you sent only the beginning of the first report.

Important note: To send your reply (or replies), do not create a new topic; click the "Répondre" (Reply) button to continue in this thread.

To be continued,
nickW

nickW
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Thank you for your patience

Post by latourelle » 20 Nov 2009, 02:00

SmitFraudFix v2.424

Rapport fait à 19:36:42,73, 2009-11-19
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix

Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

Description: Broadcom NetXtreme Gigabit Ethernet for hp - Miniport d'ordonnancement de paquets
DNS Server Search Order: 85.255.112.232
DNS Server Search Order: 85.255.112.179
DNS Server Search Order: 1.2.3.4

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CCFC167D-052E-4085-B069-AC64F08E367D}: DhcpNameServer=85.255.112.232 85.255.112.179 1.2.3.4

»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix


Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3181
Windows 5.1.2600 Service Pack 3

2009-11-19 19:46:25
mbam-log-2009-11-19 (19-46-20).txt

Type de recherche: Examen rapide
Eléments examinés: 112397
Temps écoulé: 6 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ccfc167d-052e-4085-b069-ac64f08e367d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ccfc167d-052e-4085-b069-ac64f08e367d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 1.2.3.4 -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

latourelle
Posts: 14
Joined: 19 Nov 2009, 01:17
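
The registry-data lines of the Malwarebytes report in the post above can be checked mechanically. This is an added example, not part of the original thread or of any tool named in it: it parses those lines (the embedded sample is copied from the report and used as constructed input) and groups the flagged name servers by control set. Modelling SmitFraudFix's "85.255.x.x" as the network 85.255.0.0/16, and all function and field names, are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed input: the five "registry data" lines of the Malwarebytes
# report quoted in the thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ccfc167d-052e-4085-b069-ac64f08e367d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ccfc167d-052e-4085-b069-ac64f08e367d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.232 85.255.112.179 1.2.3.4 -> No action taken.
"""

# Assumption: SmitFraudFix reports "85.255.x.x"; modelled here as one /16.
SUSPECT_NETS = [ipaddress.ip_network("85.255.0.0/16")]

LINE_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<control_set>[^\\]+)"
    r"\\Services\\Tcpip\\Parameters\\"
    r"(?:Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\})\\)?"
    r"(?P<value>DhcpNameServer|NameServer)"
    r"\s+\((?P<detection>[^)]+)\)\s+->\s+Data:\s+(?P<data>.+?)"
    r"\s+->\s+(?P<action>.+?)\.?$"
)


def parse_dns_findings(report_text):
    """Return one dict per name-server registry line found in the report."""
    findings = []
    for raw in report_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # headers, counters and other sections are skipped
        servers = []
        for token in re.split(r"[\s,]+", m["data"].strip()):
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                pass  # tolerate stray non-address tokens in the data field
        findings.append({
            "control_set": m["control_set"],
            # None means the machine-wide value, otherwise the adapter GUID.
            "interface": m["iface"].upper() if m["iface"] else None,
            # DhcpNameServer is the value the DHCP client writes from the
            # lease; NameServer is the statically configured list.
            "dhcp_value": m["value"] == "DhcpNameServer",
            "detection": m["detection"],
            "servers": servers,
            "action": m["action"],
        })
    return findings


def is_suspect(ip):
    """True when the address falls inside one of the suspect networks."""
    return any(ip in net for net in SUSPECT_NETS)


def summarize(findings):
    """Group findings per control set and split servers into suspect/other."""
    summary = defaultdict(lambda: {"machine_wide": False, "interfaces": set(),
                                   "suspect": set(), "other": set(),
                                   "unremediated": 0})
    for f in findings:
        entry = summary[f["control_set"]]
        if f["interface"] is None:
            entry["machine_wide"] = True
        else:
            entry["interfaces"].add(f["interface"])
        for ip in f["servers"]:
            entry["suspect" if is_suspect(ip) else "other"].add(str(ip))
        if f["action"].lower().startswith("no action"):
            entry["unremediated"] += 1
    return dict(summary)


if __name__ == "__main__":
    for cs, e in sorted(summarize(parse_dns_findings(SAMPLE_LOG)).items()):
        print(f"{cs}: suspect={sorted(e['suspect'])} other={sorted(e['other'])} "
              f"interfaces={sorted(e['interfaces'])} "
              f"left in place={e['unremediated']}")
```

A value that reappears in DhcpNameServer after being cleared is either being rewritten on the host or delivered again with the DHCP lease, so both are worth checking.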

continued

Post by latourelle » 20 Nov 2009, 02:01

OTL logfile created on: 2009-11-19 19:49:11 - Run 2
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

1015,48 Mb Total Physical Memory | 496,74 Mb Available Physical Memory | 48,92% Memory free
2,01 Gb Paging File | 1,46 Gb Available in Paging File | 72,73% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 12,30 Gb Free Space | 33,00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PARENTS
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009-11-19 12:37:55 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
PRC - [2009-11-16 15:01:44 | 00,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2009-11-16 15:01:19 | 02,971,608 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2009-11-07 10:10:12 | 00,487,936 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009-10-01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009-07-26 20:04:23 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2009-07-21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-07-20 10:51:52 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009-07-02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009-07-02 13:34:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-05-13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008-04-13 18:34:04 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-05-30 07:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2007-04-19 12:35:46 | 00,075,304 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2006-11-03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005-04-01 20:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2003-06-19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002-09-20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2009-11-19 12:37:55 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
MOD - [2008-04-13 18:30:56 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2006-05-03 21:53:54 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2002-11-06 20:00:38 | 00,040,820 | ---- | M] (SoundMAX) -- C:\WINDOWS\system32\Syncor11.dll


========== Win32 Services (SafeList) ==========

SRV - [2009-11-16 15:01:44 | 00,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2009-11-07 10:10:12 | 00,487,936 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009-11-03 13:58:13 | 01,179,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009-10-01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009-07-26 20:04:23 | 00,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009-07-26 20:04:16 | 00,361,288 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009-07-21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-07-20 10:51:52 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009-07-15 04:48:20 | 00,029,000 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009-07-02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009-07-02 13:34:43 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-05-13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008-11-20 14:18:52 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008-07-29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008-07-29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008-07-29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008-07-25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-07-25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008-04-13 18:33:40 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007-05-30 07:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
SRV - [2007-05-11 11:10:00 | 00,132,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)
SRV - [2007-05-04 09:39:24 | 00,267,824 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007-04-19 12:35:46 | 00,075,304 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007-01-05 13:04:10 | 02,918,008 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006-11-03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006-10-26 12:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-10-18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2005-04-01 20:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2003-06-19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2002-09-20 16:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)


========== Driver Services (SafeList) ==========

DRV - [2009-11-16 15:02:22 | 00,115,088 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2009-11-16 15:02:21 | 00,229,304 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2009-11-16 15:02:21 | 00,070,280 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2009-11-16 15:02:08 | 00,087,656 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2009-09-23 07:55:23 | 00,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009-08-14 11:44:18 | 00,032,552 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctNdis-DNS.sys -- (PCTFW-DNS)
DRV - [2009-07-29 08:54:42 | 00,046,592 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNDIS)
DRV - [2009-07-28 15:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-07-20 13:10:12 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2009-06-18 18:48:04 | 00,142,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009-06-03 13:24:49 | 00,142,592 | ---- | M] () -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009-05-11 15:00:50 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-05-11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-03-30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-11-20 14:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008-07-25 01:18:32 | 00,176,640 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008-04-13 08:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-05-30 07:10:42 | 00,011,000 | ---- | M] () -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2007-05-30 07:10:42 | 00,010,872 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2007-03-30 19:48:02 | 00,018,232 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2007-03-30 19:47:22 | 00,017,848 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy)
DRV - [2007-03-30 19:46:50 | 00,013,368 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\awechomd.sys -- (awecho)
DRV - [2007-03-30 19:44:22 | 00,020,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\GERNUWA.sys -- (Gernuwa)
DRV - [2006-01-05 09:32:33 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2005-09-20 11:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2003-05-27 17:05:42 | 00,578,304 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003-03-13 17:34:48 | 00,100,224 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1547161642-492894223-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.ca
IE - HKU\S-1-5-21-1547161642-492894223-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1547161642-492894223-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1547161642-492894223-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca
IE - HKU\S-1-5-21-1547161642-492894223-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
IE - HKU\S-1-5-21-1547161642-492894223-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1547161642-492894223-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1547161642-492894223-1177238915-500\S-1-5-21-1547161642-492894223-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://google.ca"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2b}:1.1.11
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4


FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-07-02 13:34:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-11-03 15:19:00 | 00,000,000 | ---D | M]

[2009-05-11 12:29:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
[2009-05-11 12:29:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-10-30 07:01:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\lrffd0qt.default\extensions
[2009-08-19 11:20:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\lrffd0qt.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009-05-16 14:00:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\lrffd0qt.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2b}
[2009-05-11 16:51:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\lrffd0qt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-10-01 18:20:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\lrffd0qt.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009-08-26 06:44:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\lrffd0qt.default\extensions\optout@dubfire(2).net
[2009-10-30 07:01:19 | 00,001,342 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\lrffd0qt.default\searchplugins\crawlersrch.xml
[2009-05-11 15:02:58 | 00,002,399 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\lrffd0qt.default\searchplugins\daemon-search.xml
[2009-10-30 07:05:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-08-30 18:00:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009-07-02 13:35:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009-08-12 10:41:21 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2008-12-18 13:45:30 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
[2002-01-09 01:26:38 | 00,032,768 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2008-09-03 18:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009-07-02 13:34:45 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2003-07-15 05:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009-02-27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008-12-18 14:52:52 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008-12-18 14:53:46 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2008-12-18 14:52:10 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009-09-23 15:37:30 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

O1 HOSTS File: (351646 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12054 more lines...
O2 - BHO: (no name) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - No CLSID value found.
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1547161642-492894223-1177238915-500\..\Toolbar\ShellBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-1547161642-492894223-1177238915-500\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-1547161642-492894223-1177238915-500\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1547161642-492894223-1177238915-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Poppy for Windows.lnk = C:\Program Files\Poppy\Poppy.exe ( Jan G.P. Sijm)
O4 - Startup: C:\Documents and Settings\Guy Plqnte\Menu Démarrer\Programmes\Démarrage\Poppy for Windows.lnk = C:\Program Files\Poppy\Poppy.exe ( Jan G.P. Sijm)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1547161642-492894223-1177238915-500\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1547161642-492894223-1177238915-500\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1547161642-492894223-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-492894223-1177238915-500_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1547161642-492894223-1177238915-500_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm File not found
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1547161642-492894223-1177238915-500\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 6676396781 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 7357971875 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.255.112.232 85.255.112.179 1.2.3.4
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-ir2007 {52BAEC6B-9405-46f9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-ir2008 {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - C:\Program Files\ImpotRapide 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-30 09:52:36 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (smrgdf) - File not found
O34 - HKLM BootExecute: (C:\Program) - File not found
O34 - HKLM BootExecute: (Files\iolo\System) - File not found
O34 - HKLM BootExecute: (Mechanic) - File not found
O34 - HKLM BootExecute: (Professional) - File not found
O34 - HKLM BootExecute: (6\) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-11-19 19:36:16 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009-11-19 19:36:16 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009-11-19 19:36:15 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009-11-19 19:36:15 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009-11-19 19:36:15 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009-11-19 19:36:15 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009-11-19 19:36:15 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009-11-19 19:36:15 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009-11-19 19:36:14 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009-11-19 19:36:14 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009-11-19 19:36:14 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009-11-19 19:20:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
[2009-11-19 14:48:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Grisoft
[2009-11-19 14:48:27 | 00,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgAsCln.sys
[2009-11-19 14:48:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009-11-19 14:48:19 | 00,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2009-11-19 13:08:20 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Administrateur\Bureau\VundoFix.exe
[2009-11-19 12:53:37 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2009-11-18 18:48:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\WinRAR
[2009-11-17 12:10:43 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrateur\Recent
[2009-11-17 12:01:11 | 00,000,000 | RH-D | C] -- C:\WINDOWS\System32\dllcache\agp440.sys
[2009-11-16 13:03:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\FTWeak
[2009-11-16 13:03:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FTWeak
[2009-11-16 13:03:27 | 00,000,000 | ---D | C] -- C:\Program Files\FCleaner
[2009-11-16 13:00:55 | 00,000,000 | ---D | C] -- C:\Program Files\Driver Sweeper
[2009-11-16 13:00:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\CapSystems
[2009-11-16 12:57:36 | 00,000,000 | ---D | C] -- C:\Program Files\CapSystems
[2009-11-16 12:53:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Smart PC Solutions
[2009-11-12 13:57:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2009-11-11 16:58:51 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009-11-11 16:58:51 | 00,018,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009-11-10 13:57:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\Safer Networking
[2009-11-10 13:57:23 | 00,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2009-11-09 19:48:52 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\ODBC
[2009-11-03 15:27:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009-11-03 13:59:16 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009-11-03 13:34:31 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009-11-03 12:47:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009-10-29 19:29:08 | 02,146,304 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2009-10-28 17:30:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\PCHealth
[2009-10-28 14:50:00 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009-10-28 14:50:00 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009-10-28 14:49:59 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009-10-28 14:49:59 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009-10-28 14:49:54 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009-10-28 14:49:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009-10-28 13:07:08 | 00,116,736 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2009-10-28 13:06:12 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2009-10-28 13:06:07 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2009-10-28 13:05:12 | 00,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2009-10-28 13:04:14 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2009-10-28 13:02:46 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
[2009-10-28 13:02:44 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2009-10-28 13:01:41 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2009-10-28 13:01:40 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2009-10-28 13:01:38 | 00,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys
[2009-10-28 13:01:35 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2009-10-28 12:59:09 | 00,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2009-10-28 12:58:07 | 00,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2009-10-28 12:56:10 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2009-10-28 12:54:23 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2009-10-28 12:53:26 | 00,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2009-10-28 12:53:25 | 00,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2009-10-28 12:52:53 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2009-10-28 12:50:46 | 00,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2009-10-28 12:50:11 | 00,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2009-10-28 12:48:41 | 00,029,696 | ---- | C] (RICOH Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2009-10-28 12:48:39 | 00,028,160 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2009-10-28 12:48:02 | 00,079,360 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2009-10-28 12:46:30 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2009-10-28 12:46:09 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2009-10-28 12:45:43 | 00,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2009-10-28 12:45:37 | 00,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2009-10-28 12:44:43 | 00,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2009-10-28 12:44:41 | 00,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2009-10-28 12:44:40 | 00,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2009-10-28 12:44:39 | 00,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2009-10-28 12:42:14 | 00,061,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys
[2009-10-28 12:41:26 | 00,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2009-10-28 12:40:30 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2009-10-28 12:40:26 | 00,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2009-10-28 12:38:54 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2009-10-28 12:38:52 | 00,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2009-10-28 12:38:26 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2009-10-28 12:38:00 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2009-10-28 12:37:37 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2009-10-28 12:36:57 | 00,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2009-10-28 12:35:56 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2009-10-28 12:35:09 | 00,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2009-10-28 12:34:58 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2009-10-28 12:34:57 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2009-10-28 12:34:55 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2009-10-28 12:34:45 | 00,254,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2009-10-28 12:34:43 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2009-10-28 12:34:00 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2009-10-28 12:33:30 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2009-10-28 12:33:25 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2009-10-28 12:33:24 | 00,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2009-10-28 12:33:20 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2009-10-28 12:31:08 | 00,702,845 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2009-10-28 12:30:57 | 00,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2009-10-28 12:30:55 | 00,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2009-10-28 12:28:12 | 00,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2009-10-28 12:28:02 | 00,028,544 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2009-10-28 12:27:48 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2009-10-28 12:27:46 | 00,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2009-10-28 12:23:25 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2009-10-28 12:22:50 | 00,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2009-10-28 12:22:38 | 00,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2009-10-28 12:20:18 | 00,252,416 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2009-10-28 12:19:46 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2009-10-28 12:19:32 | 00,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2009-10-28 12:19:05 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2009-10-28 12:18:52 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2009-10-28 12:18:37 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2009-10-28 12:17:13 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2009-10-28 12:17:12 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2009-10-28 12:17:05 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2009-10-28 12:16:53 | 00,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2009-10-28 12:16:49 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2009-10-28 12:14:41 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2009-10-28 12:14:39 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2009-10-28 12:14:27 | 00,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2009-10-28 12:10:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
[2009-10-28 12:08:02 | 00,000,000 | ---D | C] -- C:\d36493a7c86af9ad64bd30bd
[2009-10-28 12:05:47 | 00,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2009-10-28 10:58:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009-10-28 10:58:40 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009-10-28 10:58:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009-10-28 10:58:25 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009-10-28 10:57:09 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009-10-28 10:57:09 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009-10-28 10:57:09 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009-10-28 10:57:09 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009-10-28 10:57:09 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009-10-28 10:57:09 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009-10-28 10:57:09 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009-10-28 10:57:08 | 00,000,000 | ---D | C] -- C:\36a3eaa9c10c757886d6bce38aa6e0
[2009-10-28 10:39:11 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009-10-27 17:29:58 | 00,000,000 | ---D | C] -- C:\Program Files\Navilog1
[2009-10-27 17:01:40 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009-10-27 15:45:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Downloaded Installations
[2009-10-27 11:47:52 | 00,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2009-10-26 13:35:38 | 00,016,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2009-10-25 09:25:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Mes documents\a-squared Free
[2009-10-24 11:25:04 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009-10-24 11:25:01 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009-10-23 16:15:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009-10-23 12:14:43 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2006-03-31 06:54:22 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2006-03-31 06:54:22 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2004-01-19 14:46:18 | 00,140,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\xmasbus.sys
[2004-01-19 14:46:18 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\xmasscsi.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009-11-19 19:31:35 | 08,388,608 | ---- | M] () -- C:\Documents and Settings\Administrateur\ntuser.dat
[2009-11-19 19:31:33 | 00,111,104 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\zlob.doc
[2009-11-19 19:12:00 | 00,001,182 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-492894223-1177238915-500UA.job
[2009-11-19 19:00:04 | 00,000,526 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2009-11-19 18:12:02 | 00,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-492894223-1177238915-500Core.job
[2009-11-19 18:03:30 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1788223648-1606980848-1003.job
[2009-11-19 16:36:18 | 01,318,912 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\BUDGET 2009.xls
[2009-11-19 14:48:31 | 00,000,884 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AVG Anti-Spyware.lnk
[2009-11-19 13:37:56 | 00,029,052 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\pad.rtf
[2009-11-19 13:37:43 | 00,005,370 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\procédure.rtf
[2009-11-19 13:10:20 | 01,872,472 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix.exe
[2009-11-19 13:08:46 | 00,228,109 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Navilog1.exe
[2009-11-19 13:08:26 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe
[2009-11-19 13:08:21 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrateur\Bureau\VundoFix.exe
[2009-11-19 12:37:55 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2009-11-19 12:34:00 | 00,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009-11-19 12:30:07 | 00,013,760 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-11-19 12:27:28 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009-11-19 12:22:30 | 00,000,330 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009-11-19 12:22:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-11-19 12:22:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-11-18 20:00:06 | 00,000,284 | -HS- | M] () -- C:\Documents and Settings\Administrateur\ntuser.ini
[2009-11-18 18:48:49 | 00,001,769 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2009-11-18 17:43:52 | 00,001,051 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009-11-17 14:39:56 | 08,388,608 | ---- | M] () -- C:\Documents and Settings\Administrateur\ntuser.dat.gbck
[2009-11-17 14:05:48 | 00,000,777 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-11-17 14:05:48 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-11-17 14:05:48 | 00,000,212 | -HS- | M] () -- C:\boot.ini
[2009-11-17 13:34:35 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009-11-16 15:02:22 | 00,115,088 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
[2009-11-16 15:02:21 | 00,229,304 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009-11-16 15:02:21 | 00,070,280 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
[2009-11-16 15:02:20 | 00,007,387 | ---- | M] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009-11-16 15:02:08 | 00,087,656 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009-11-16 15:02:08 | 00,007,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009-11-16 13:03:32 | 00,000,665 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\FCleaner.lnk
[2009-11-15 16:02:46 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2009-11-13 19:33:03 | 00,155,136 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\classeur Guy 2008.xls
[2009-11-13 19:28:44 | 00,065,712 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009-11-13 19:20:38 | 00,251,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-11-13 13:01:50 | 00,351,646 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009-11-10 15:43:49 | 00,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-11-10 12:48:30 | 00,000,710 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Glary Utilities.lnk
[2009-11-07 10:10:01 | 00,000,832 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Spyware Terminator.lnk
[2009-11-06 16:14:06 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-05 17:07:25 | 04,808,432 | -H-- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\IconCache.db
[2009-11-05 13:54:49 | 00,000,044 | ---- | M] () -- C:\WINDOWS\SMWizard.INI
[2009-11-05 12:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-11-04 19:06:56 | 00,062,976 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\code.doc
[2009-11-03 15:27:33 | 00,000,865 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Microsoft Security Essentials.lnk
[2009-11-03 13:59:09 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009-11-03 13:59:04 | 00,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009-11-03 13:28:31 | 00,000,914 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk
[2009-11-03 13:04:53 | 01,057,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-11-03 13:04:53 | 00,503,238 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009-11-03 13:04:53 | 00,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-11-03 13:04:53 | 00,081,386 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009-11-03 13:04:53 | 00,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-11-02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009-10-30 06:55:54 | 00,001,583 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\CCleaner.lnk
[2009-10-29 19:29:08 | 02,146,304 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2009-10-28 14:29:14 | 00,013,760 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2009-10-28 14:29:11 | 00,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2009-10-27 17:29:41 | 00,001,667 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Update Checker.lnk
[2009-10-26 16:02:57 | 00,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-10-26 15:40:14 | 00,001,706 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009-10-26 15:40:10 | 00,000,783 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091113-082241.backup
[2009-10-25 09:25:37 | 00,000,683 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\a-squared Free.lnk
[2009-10-24 09:57:27 | 00,000,998 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Spybot - Search & Destroy.lnk
[2009-10-22 04:17:28 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009-10-22 04:17:28 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009-11-19 19:36:15 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009-11-19 19:36:15 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009-11-19 19:36:14 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009-11-19 19:31:33 | 00,111,104 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\zlob.doc
[2009-11-19 14:48:31 | 00,000,884 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AVG Anti-Spyware.lnk
[2009-11-19 13:37:56 | 00,029,052 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\pad.rtf
[2009-11-19 13:37:43 | 00,005,370 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\procédure.rtf
[2009-11-19 13:08:46 | 00,228,109 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Navilog1.exe
[2009-11-19 13:08:37 | 01,872,472 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix.exe
[2009-11-19 13:08:29 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe
[2009-11-18 18:48:49 | 00,001,769 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2009-11-16 15:02:20 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009-11-16 15:02:08 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009-11-16 13:03:32 | 00,000,665 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\FCleaner.lnk
[2009-11-15 16:02:46 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2009-11-10 12:48:30 | 00,000,710 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Glary Utilities.lnk
[2009-11-07 10:10:01 | 00,000,832 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Spyware Terminator.lnk
[2009-11-03 15:32:56 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009-11-03 15:27:33 | 00,000,865 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Microsoft Security Essentials.lnk
[2009-11-03 15:01:51 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009-11-03 13:40:04 | 00,000,998 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Spybot - Search & Destroy.lnk
[2009-11-03 13:38:35 | 00,000,492 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009-11-03 13:28:31 | 00,000,914 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Ad-Aware.lnk
[2009-10-30 06:55:54 | 00,001,583 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\CCleaner.lnk
[2009-10-28 14:29:15 | 00,013,760 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2009-10-28 13:07:01 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2009-10-28 12:46:03 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2009-10-28 12:45:56 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2009-10-28 12:38:01 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2009-10-28 12:06:36 | 00,000,330 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009-10-25 09:25:37 | 00,000,683 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\a-squared Free.lnk
[2009-09-01 11:24:38 | 00,064,260 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\prvlcl.dat
[2009-08-30 17:35:15 | 00,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2009-07-20 13:10:12 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\vaxscsi.sys
[2009-07-02 15:00:13 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\housecall.guid.cache
[2009-06-03 13:24:49 | 00,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009-05-18 11:46:11 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009-05-18 11:46:11 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009-05-11 15:00:48 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-05-11 08:37:08 | 00,034,304 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-05-06 17:36:37 | 00,065,712 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009-03-30 12:34:48 | 04,808,432 | -H-- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\IconCache.db
[2009-03-30 10:42:47 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009-03-30 09:59:07 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrateur\Application Data\desktop.ini
[2009-03-30 04:32:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009-01-13 14:40:11 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-12-31 10:41:29 | 00,004,892 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dyaniilw.kxq
[2008-12-15 11:36:45 | 00,000,052 | ---- | C] () -- C:\WINDOWS\HGSpeech.ini
[2008-12-13 11:41:05 | 00,000,077 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
[2008-10-02 12:49:20 | 00,000,394 | ---- | C] () -- C:\WINDOWS\capture.ini
[2007-10-09 16:16:25 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2007-07-15 21:44:32 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007-07-15 21:41:08 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007-06-11 07:51:12 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007-03-07 14:01:19 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\xpsacdma01.dll
[2007-03-03 10:01:42 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2007-03-03 10:01:42 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2007-01-25 11:31:36 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006-06-29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006-06-29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-05-17 17:32:22 | 00,000,891 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006-04-18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-04-18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-04-14 17:35:57 | 00,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006-03-20 07:14:32 | 00,001,051 | ----
latourelle
 
Posts: 14
Joined: 19 Nov 2009, 01:17

Post by latourelle » 20 Nov 2009, 02:07

[2006-03-20 07:14:32 | 00,001,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006-03-10 20:14:56 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2006-03-03 08:09:45 | 00,001,208 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2006-02-28 14:33:07 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006-02-28 14:33:07 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006-01-11 12:37:40 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869-2p1now.sys
[2006-01-05 09:32:47 | 00,000,777 | ---- | C] () -- C:\WINDOWS\win.ini
[2006-01-05 09:32:42 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005-12-25 14:12:09 | 00,000,299 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2005-12-23 10:40:47 | 00,000,023 | ---- | C] () -- C:\WINDOWS\FLASHKSK.INI
[2005-12-23 10:40:45 | 00,030,721 | ---- | C] () -- C:\WINDOWS\System32\32of32i.dll
[2005-12-23 10:40:45 | 00,002,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\UNINST2K.SYS
[2005-12-22 15:54:53 | 00,002,731 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005-12-22 15:54:51 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005-11-11 12:47:00 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005-07-30 09:04:59 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2005-07-27 15:13:58 | 00,000,104 | ---- | C] () -- C:\WINDOWS\Kyor.ini
[2005-07-27 14:55:10 | 00,000,048 | ---- | C] () -- C:\WINDOWS\REGKEYCR.INI
[2005-06-15 16:20:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005-04-03 14:08:23 | 00,000,009 | ---- | C] () -- C:\WINDOWS\daemount.ini
[2005-04-03 14:08:20 | 00,028,673 | ---- | C] () -- C:\WINDOWS\System32\ovegkey.dll
[2005-03-17 22:34:45 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005-02-13 15:56:40 | 00,000,660 | -HS- | C] () -- C:\WINDOWS\dwin.sys
[2005-01-21 17:20:15 | 00,000,151 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2005-01-21 17:15:23 | 00,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2005-01-05 15:46:30 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\NMH040A.DLL
[2005-01-04 13:31:24 | 00,081,920 | ---- | C] () -- C:\WINDOWS\asr32311.dll
[2005-01-04 13:31:02 | 00,096,256 | ---- | C] () -- C:\WINDOWS\System32\Smackw32.dll
[2004-12-28 10:35:37 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2004-12-20 17:24:03 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004-12-07 17:45:29 | 00,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2004-12-01 14:47:04 | 00,000,092 | -HS- | C] () -- C:\Program Files\desktop.ini
[2004-11-10 14:09:56 | 00,000,635 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2004-10-11 12:34:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2004-08-18 12:08:05 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004-07-16 11:16:29 | 00,000,010 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004-06-13 18:56:27 | 00,389,120 | ---- | C] () -- C:\WINDOWS\System32\XVID.DLL
[2004-04-21 13:49:01 | 00,001,515 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2004-03-31 19:56:18 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2004-03-31 19:56:18 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2004-03-31 17:34:59 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2004-03-18 06:37:04 | 00,589,824 | ---- | C] () -- C:\WINDOWS\System32\OC601as.dll
[2004-03-16 13:57:11 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\DCOMUdpClient32.dll
[2004-03-06 20:51:09 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2004-02-07 17:02:28 | 00,000,114 | ---- | C] () -- C:\WINDOWS\ClonyDrives.ini
[2004-02-07 16:55:40 | 00,000,380 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2004-01-22 19:09:19 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2004-01-22 19:09:19 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2003-12-18 14:41:28 | 00,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2003-12-11 17:35:53 | 00,000,037 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003-12-06 18:07:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2003-11-27 20:34:35 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2003-11-27 20:34:35 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2003-11-27 20:34:35 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2003-11-27 20:34:35 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2003-11-27 20:34:35 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2003-11-23 19:41:43 | 00,000,067 | ---- | C] () -- C:\WINDOWS\Morphexe.INI
[2003-11-15 11:27:36 | 00,616,448 | ---- | C] () -- C:\WINDOWS\System32\CHCtlPnl.dll
[2003-11-15 11:27:36 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\CHCplSvr.dll
[2003-11-14 18:07:15 | 00,000,632 | ---- | C] () -- C:\WINDOWS\Edofma.INI
[2003-11-11 09:48:13 | 00,024,575 | ---- | C] () -- C:\WINDOWS\System32\Usengwinsyspios.dll
[2003-10-31 18:14:06 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2003-10-24 10:07:17 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2003-10-14 18:42:06 | 00,000,057 | ---- | C] () -- C:\WINDOWS\emule.INI
[2003-10-12 14:00:51 | 00,000,035 | ---- | C] () -- C:\WINDOWS\CORR101.INI
[2003-10-09 12:14:56 | 00,000,549 | ---- | C] () -- C:\WINDOWS\bobdown.ini
[2003-10-06 13:16:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2003-10-06 13:16:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003-10-03 18:10:27 | 00,000,974 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003-04-01 09:58:02 | 00,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001-10-24 15:00:40 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[1999-08-31 15:55:18 | 00,031,746 | ---- | C] () -- C:\WINDOWS\System32\me2knk_.dll
[1999-08-31 15:55:18 | 00,030,723 | ---- | C] () -- C:\WINDOWS\System32\knsxhel.dll
[1999-08-31 15:55:18 | 00,028,674 | ---- | C] () -- C:\WINDOWS\System32\elcp32i.dll
[1999-08-31 15:55:18 | 00,025,603 | ---- | C] () -- C:\WINDOWS\System32\cphhog2.dll
[1999-08-31 15:55:18 | 00,020,483 | ---- | C] () -- C:\WINDOWS\System32\yhunfpi.dll
[1999-08-31 15:55:18 | 00,010,242 | ---- | C] () -- C:\WINDOWS\System32\2kmrtal.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
<End>
latourelle
 
Posts: 14
Joined: 19 Nov 2009, 01:17

Post by latourelle » 20 Nov 2009, 02:08

OTL Extras logfile created on: 2009-11-19 19:49:11 - Run 2
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

1015,48 Mb Total Physical Memory | 496,74 Mb Available Physical Memory | 48,92% Memory free
2,01 Gb Paging File | 1,46 Gb Available in Paging File | 72,73% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 12,30 Gb Free Space | 33,00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PARENTS
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1547161642-492894223-1177238915-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\a-squared Free\a2free.exe" = C:\Program Files\a-squared Free\a2free.exe:*:Enabled:a-squared Free -- (Emsi Software GmbH)
"C:\Program Files\Spyware Terminator\SpywareTerminator.Exe" = C:\Program Files\Spyware Terminator\SpywareTerminator.Exe:*:Enabled:Spyware Terminator -- (Crawler.com)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07183840-959A-4B0D-8825-2C533F0DDB19}" = Microsoft Encarta Maths
"{09181881-2C94-4A67-8E55-8483C019C7D2}" = Microsoft Encarta 2009 - Études
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{12118183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}" = Les Indispensables Éducation pour Microsoft Office
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96172E04-BB14-45F6-A77B-8EE7A421B903}" = SAPI Wrapper
"{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4526B5A-89C0-4F4B-9E6E-4F883374D5F9}" = Microsoft Antimalware Service FR-FR Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{a9545a43-01b3-44f0-93d7-08432c60821a}" = Nero 9 Essentials
"{AC76BA86-7AD7-1036-7B44-A92000000001}" = Adobe Reader 9.2 - Français
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C82185E8-C27B-4EF4-2009-4444BC2C2B6D}" = Microsoft Streets & Trips 2009
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{F61DD673-0030-4BB2-A382-7E57E97F1033}" = Nero 7 Essentials
"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom NetXtreme Ethernet Controller
"{WBEncarta_6189F431-6CA5-4A17-80F8-8B92994B4B00}" = WBEncarta
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agfa ScanWise 2.00" = Agfa ScanWise 2.00
"a-squared Free_is1" = a-squared Free 4.5
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CookieCrumbler_is1" = CookieCrumbler
"FCleaner_is1" = FCleaner 1.2.6.1102
"FileHippo.com" = FileHippo.com Update Checker
"FlashGet(Jetcar) 1.80" = FlashGet(Jetcar) 1.80
"Glary Utilities_is1" = Glary Utilities 2.17.0.776
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0
"Picasa 3" = Picasa 3
"Poppy for Windows" = Poppy for Windows
"Spyware Terminator_is1" = Spyware Terminator
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1547161642-492894223-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-11-19 16:28:14 | Computer Name = PARENTS | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 2009-11-19 16:28:14 | Computer Name = PARENTS | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 2009-11-19 16:28:14 | Computer Name = PARENTS | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 2009-11-19 16:28:14 | Computer Name = PARENTS | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 2009-11-19 16:28:14 | Computer Name = PARENTS | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 2009-11-19 16:28:14 | Computer Name = PARENTS | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 2009-11-19 16:28:37 | Computer Name = PARENTS | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : A connection with the server could not be established

Error - 2009-11-19 16:28:37 | Computer Name = PARENTS | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 2009-11-19 16:28:44 | Computer Name = PARENTS | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 2009-11-19 16:28:44 | Computer Name = PARENTS | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette connexion réseau n'existe pas.

[ System Events ]
Error - 2009-11-19 13:30:07 | Computer Name = PARENTS | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
dmserver à une transaction.

Error - 2009-11-19 13:30:07 | Computer Name = PARENTS | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
FastUserSwitchingCompatibility à une transaction.

Error - 2009-11-19 13:30:07 | Computer Name = PARENTS | Source = Service Control Manager | ID = 7000
Description = Le service Compatibilité avec le Changement rapide d'utilisateur n'a
pas pu démarrer en raison de l'erreur : %%1053

Error - 2009-11-19 13:30:07 | Computer Name = PARENTS | Source = Service Control Manager | ID = 7000
Description = Le service Services de cryptographie n'a pas pu démarrer en raison
de l'erreur : %%1062

Error - 2009-11-19 13:37:20 | Computer Name = PARENTS | Source = Microsoft Antimalware | ID = 2001
Description = %%861 a rencontré une erreur lors d'une tentative de mise à jour de
signature. Nouvelle version de la signature : Ancienne version de la signature :
1.69.919.0 Source de la mise à jour : %%859 Phase de la mise à jour : %%852 Chemin
d'accès source : http://www.microsoft.com Type de signature : %%800 Type de mise
à jour : %%803 Utilisateur : AUTORITE NT\SYSTEM Version actuelle du moteur : Version
précédente du moteur : 1.1.5202.0 Code d'erreur : 0x80072efd Description de l'erreur :
A connection with the server could not be established

Error - 2009-11-19 13:37:26 | Computer Name = PARENTS | Source = Microsoft Antimalware | ID = 2001
Description = %%861 a rencontré une erreur lors d'une tentative de mise à jour de
signature. Nouvelle version de la signature : Ancienne version de la signature :
1.69.919.0 Source de la mise à jour : %%851 Phase de la mise à jour : %%852 Chemin
d'accès source : http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE Type
de signature : %%800 Type de mise à jour : %%803 Utilisateur : AUTORITE NT\SERVICE
RÉSEAU Version actuelle du moteur : Version précédente du moteur : 1.1.5202.0 Code
d'erreur : 0x80072efd Description de l'erreur : A connection with the server could
not be established

Error - 2009-11-19 13:37:26 | Computer Name = PARENTS | Source = Microsoft Antimalware | ID = 2001
Description = %%861 a rencontré une erreur lors d'une tentative de mise à jour de
signature. Nouvelle version de la signature : Ancienne version de la signature :
1.69.919.0 Source de la mise à jour : %%851 Phase de la mise à jour : %%852 Chemin
d'accès source : http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE Type
de signature : %%801 Type de mise à jour : %%803 Utilisateur : AUTORITE NT\SERVICE
RÉSEAU Version actuelle du moteur : Version précédente du moteur : 1.1.5202.0 Code
d'erreur : 0x80072efd Description de l'erreur : A connection with the server could
not be established

Error - 2009-11-19 13:37:26 | Computer Name = PARENTS | Source = Microsoft Antimalware | ID = 2001
Description = %%861 a rencontré une erreur lors d'une tentative de mise à jour de
signature. Nouvelle version de la signature : Ancienne version de la signature :
1.69.919.0 Source de la mise à jour : %%851 Phase de la mise à jour : %%852 Chemin
d'accès source : http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE Type
de signature : %%800 Type de mise à jour : %%803 Utilisateur : AUTORITE NT\SERVICE
RÉSEAU Version actuelle du moteur : Version précédente du moteur : 1.1.5202.0 Code
d'erreur : 0x80072efd Description de l'erreur : A connection with the server could
not be established

Error - 2009-11-19 13:37:26 | Computer Name = PARENTS | Source = Microsoft Antimalware | ID = 2001
Description = %%861 a rencontré une erreur lors d'une tentative de mise à jour de
signature. Nouvelle version de la signature : Ancienne version de la signature :
1.69.919.0 Source de la mise à jour : %%851 Phase de la mise à jour : %%852 Chemin
d'accès source : http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE Type
de signature : %%801 Type de mise à jour : %%803 Utilisateur : AUTORITE NT\SERVICE
RÉSEAU Version actuelle du moteur : Version précédente du moteur : 1.1.5202.0 Code
d'erreur : 0x80072efd Description de l'erreur : A connection with the server could
not be established

Error - 2009-11-19 14:29:47 | Computer Name = PARENTS | Source = Print | ID = 6161
Description = Impossible d'imprimer le document Document appartenant à Administrateur
sur l'imprimante Auto HP OfficeJet V40 sur CLIENT-89915683. Type de données : NT
EMF 1.008. Taille du fichier spoule en octets : 276488. Nombre d'octets imprimés
: 0. Nombre de pages dans le document : 11. Nombre de pages imprimées : 0. Ordinateur
client : \\PARENTS. Le code d'erreur Win32 renvoyé par le processeur d'impression
était : 53 (0x35).

[ TuneUp Events ]
Error - 2009-11-16 13:22:50 | Computer Name = PARENTS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-16 12:22:50', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1508',0)

Error - 2009-11-16 16:04:39 | Computer Name = PARENTS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-16 15:04:39', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1212',0)

Error - 2009-11-17 13:54:08 | Computer Name = PARENTS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-17 12:54:08', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2128',0)

Error - 2009-11-17 15:01:37 | Computer Name = PARENTS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-17 14:01:37', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','500',0)

Error - 2009-11-17 18:19:08 | Computer Name = PARENTS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-17 17:19:08', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1076',0)

Error - 2009-11-18 11:43:24 | Computer Name = PARENTS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-18 10:43:24', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2028',0)

Error - 2009-11-18 18:44:04 | Computer Name = PARENTS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-18 17:44:04', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1332',0)

Error - 2009-11-19 13:39:21 | Computer Name = PARENTS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-19 12:39:21', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2044',0)

Error - 2009-11-19 14:48:53 | Computer Name = PARENTS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-19 13:48:53', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1520',0)

Error - 2009-11-19 20:23:47 | Computer Name = PARENTS | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-19 19:23:47', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','5404',0)


<End>
latourelle
 
Posts: 14
Joined: 19 Nov 2009, 01:17

Post by nickW » 21 Nov 2009, 00:51

Good evening,


You had installed AVG Anti-Spyware 7.5 in its free version; it must be uninstalled: this program no longer exists as a standalone application (it has been integrated into AVG Antivirus) and there have been no updates since 01/01/2009.


There are so many real-time monitoring programs that the previous procedure did not work correctly.

Is there a user profile with administrator rights other than the normally reserved "Administrateur" profile?
If so, it must be used to carry out the following:


I advise you to print the procedure, or to select all of its lines and copy that selection into a text file on your PC (Note: you will not have access to the Internet or to the browser, and restarts are possible).
All the steps must be carried out, without interruption, in the exact order given below.



Step 1: No real-time monitoring processes
Disable the resident module of the antivirus and of the anti-spyware programs.
Avira Antivir: right-click the icon in the system tray (next to the clock), untick "Activer Antivir Guard/AntiVir Guard enable"
Microsoft Security Essentials: open MSE, in the "Paramètres" tab untick the box in front of "Activer la protection en temps réel (recommandé)"
Spyware Terminator: launch Spyware Terminator from the "Démarrer" menu, open the "Protection en temps réel" menu, untick the box in front of "Activer la protection en temps réel", confirm by clicking "Enregistrer"
Windows Defender: "Démarrer" ----> "Tous les programmes" ----> Windows Defender; click "Outils", then "Options"; under "Options de protection en temps réel", clear the checkbox "Utiliser la protection en temps réel (recommandé)", then click "Enregistrer"


Step 2: SmitFraudFix (by S!ri), option 5: Search for and removal of DNS hijacking
Close all open program windows. Close all browsers (no Internet Explorer, Firefox, Opera, etc. open).
Double-click SmitfraudFix.exe to launch the tool.
Press any key after reading the warning message.
Once the menu is displayed, type 5 then press Enter to correct the DNS hijack.


Step 3: Malwarebytes' Anti-Malware, cleaning
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the "Démarrer" menu.
In the "Paramètres" tab, check that all the boxes are ticked except "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)".
In the "Mise à jour" tab, click the "Recherche de mise à jour" button and install all the updates found.
In the "Recherche" tab, select the radio button in front of "Exécuter un examen rapide", then click the "Rechercher" button.
Wait, without doing anything else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Afficher les résultats" button.

If harmful items were detected, click the "Supprimer la sélection" button.
Wait patiently, without doing anything else, for the cleaning to finish.
A restart is sometimes necessary. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Quitter" button to close Malwarebytes' Anti-Malware.


Step 4: Real-time monitoring processes
Important: Re-enable the resident module of the antivirus and of the anti-spyware programs.


Step 5: OTL (by OldTimer), scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The main OTL screen is displayed.

Tick (at the top) the box in front of Scan All Users.

Then click the Run Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 6: Results
Send in reply:
*- the SmitFraudFix report, option 5 (contents of the file SystemDrive\rapport.txt).
[SystemDrive stands for the partition on which the system is installed, usually C:]
Important note:
If this SmitFraudFix report contains dozens of lines beginning with "127.0.0.1", do not send them all to the forum.
Send only the first 15 lines beginning with "127.0.0.1" along with the rest of the log.

*- the Malwarebytes' Anti-Malware log (contents of the file mbam-log-*-**-**** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs / *-**-**** (**-**-**) stands for the date [month-day-year] and the time [hh-mn-ss])
[SystemDrive stands for the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the length of the log):
*- the main OTL report (contents of the file OTL.Txt located on the Desktop).
The report sent to the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Répondre" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
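
A way to confirm the result of step 2, given here as an added example that is not part of nickW's post and not SmitFraudFix's own code: the script lists every DNS resolver stored under the Tcpip\Parameters registry keys and flags any that should not be there. The $Expected value is an assumed placeholder to replace with your own router or ISP resolvers; the flagged addresses are the ones the Malwarebytes log in this thread reported.

```powershell
# Added example (not from the thread): audit the DNS resolvers configured
# in the TCP/IP registry keys after a DNS-hijack fix.
param(
    # Assumption: the resolvers you expect to see. Placeholder value.
    [string[]]$Expected = @('192.168.1.1')
)

# Addresses flagged as Trojan.DNSChanger data in this thread's Malwarebytes log.
$Reported = @('85.255.112.232', '85.255.112.179', '1.2.3.4')

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
# The global key plus one subkey per network interface (named by GUID).
$keys = @($base) + @(Get-ChildItem -Path "$base\Interfaces" |
                     ForEach-Object { $_.PSPath })

$findings = foreach ($key in $keys) {
    $props = Get-ItemProperty -LiteralPath $key
    # NameServer is the static setting, DhcpNameServer the value set via DHCP.
    foreach ($name in 'NameServer', 'DhcpNameServer') {
        $data = [string]$props.$name
        # Entries are separated by spaces or commas; empty values yield nothing.
        foreach ($entry in ($data -split '[,\s]+' | Where-Object { $_ })) {
            $parsed = $null
            $status = 'ok'
            if (-not [System.Net.IPAddress]::TryParse($entry, [ref]$parsed)) {
                $status = 'malformed'
            }
            elseif ($Reported -contains $entry) { $status = 'reported in thread' }
            elseif ($Expected -notcontains $entry) { $status = 'unexpected' }

            [pscustomobject]@{
                Key    = Split-Path -Path $key -Leaf
                Value  = $name
                Server = $entry
                Status = $status
            }
        }
    }
}

$findings | Format-Table -AutoSize
# Non-zero exit code when anything other than an expected resolver is present.
if ($findings | Where-Object { $_.Status -ne 'ok' }) { exit 1 }
```

A resolver that reappears in DhcpNameServer after the fix is being handed out again by the DHCP server, so the router's own DNS settings need checking as well.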
