Log analysis request


Post by benyoyo » 16 Dec 2009, 00:12

Hello,
and thank you in advance for your help.

My symptoms are repeated openings of Internet Explorer pages, even though I normally use Firefox.
This happens even when I am not browsing.

So here are the logs.
First, the one from Malwarebytes.

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3368
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

15/12/2009 23:46:51
mbam-log-2009-12-15 (23-46-43).txt

Type de recherche: Examen rapide
Eléments examinés: 138101
Temps écoulé: 15 minute(s), 20 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
C:\WINDOWS\msa.exe (Trojan.Agent) -> No action taken.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ZagrebLand (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Videocan (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zagrebland (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
C:\Documents and Settings\LocalService\Application Data\wsnpoem (Trojan.Agent) -> No action taken.
C:\Documents and Settings\NetworkService\Application Data\wsnpoem (Trojan.Agent) -> No action taken.

Fichier(s) infecté(s):
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Benjamin LEROY\Local Settings\Temp\c.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Benjamin LEROY\results.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\msa.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Benjamin LEROY\Local Settings\Temp\a.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Benjamin LEROY\Local Settings\Temp\b.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> No action taken.

Post by benyoyo » 16 Dec 2009, 00:13

Next, the contents of OTL.txt:

OTL logfile created on: 15/12/2009 23:48:59 - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Benjamin LEROY\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1022,48 Mb Total Physical Memory | 341,85 Mb Available Physical Memory | 33,43% Memory free
2,40 Gb Paging File | 1,62 Gb Available in Paging File | 67,38% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 0,82 Gb Free Space | 1,10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 7,58 Mb Total Space | 7,58 Mb Free Space | 99,95% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZD8000
Current User Name: Benjamin LEROY
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/15 18:52:33 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Benjamin LEROY\Bureau\OTL.exe
PRC - [2009/12/15 14:50:52 | 00,214,016 | ---- | M] () -- C:\WINDOWS\msa.exe
PRC - [2009/12/12 17:03:34 | 02,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/11/18 18:21:36 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/11/18 18:21:33 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/09/14 08:30:11 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/14 08:30:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/24 05:58:35 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/24 05:58:34 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/24 05:58:28 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/24 05:58:26 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/24 05:58:15 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/01/28 12:22:20 | 04,751,360 | ---- | M] (hMailServer) -- C:\Program Files\hMailServer\Bin\hMailServer.exe
PRC - [2008/12/08 14:50:04 | 00,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
PRC - [2008/09/23 13:17:08 | 00,076,744 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2008/09/23 13:17:06 | 21,755,688 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2008/09/12 17:00:48 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
PRC - [2007/11/16 19:20:26 | 00,091,432 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2007/10/28 09:35:48 | 00,072,736 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2007/06/13 14:22:28 | 01,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/24 07:57:21 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2006/07/25 21:44:12 | 00,401,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/01/26 16:32:16 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2005/05/23 03:36:12 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2005/04/01 14:11:14 | 00,794,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005/03/08 20:05:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/03/04 11:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\Shared\hpqwmi.exe
PRC - [2005/02/22 15:32:14 | 00,038,912 | ---- | M] () -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2005/02/02 13:12:22 | 00,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/02/02 13:11:12 | 00,692,316 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/12/03 12:24:20 | 00,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/10/13 15:04:14 | 00,278,528 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2004/10/13 15:03:54 | 00,327,680 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2004/08/05 09:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2004/08/05 09:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2002/12/02 15:17:37 | 00,073,728 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
PRC - [1999/04/06 13:27:42 | 00,046,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/15 18:52:33 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Benjamin LEROY\Bureau\OTL.exe
MOD - [2006/08/25 16:51:12 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/02/02 13:12:14 | 00,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/15 14:50:39 | 00,274,432 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\sshnas.dll -- (SSHNAS)
SRV - [2009/11/18 18:21:33 | 01,184,912 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/30 11:12:57 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Service Google Update (gupdate)
SRV - [2009/09/14 08:30:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/24 05:58:26 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/24 05:58:15 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/01/28 12:22:20 | 04,751,360 | ---- | M] (hMailServer) [Auto | Running] -- C:\Program Files\hMailServer\Bin\hMailServer.exe -- (hMailServer)
SRV - [2007/03/28 20:29:50 | 00,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/07/25 21:44:12 | 00,401,408 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/01/26 16:32:16 | 00,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/04 11:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\HPQ\Shared\hpqwmi.exe -- (hpqwmi)
SRV - [2005/02/22 15:32:14 | 00,038,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2004/10/13 15:03:54 | 00,327,680 | ---- | M] (Apple Computer, Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2004/01/23 12:53:30 | 00,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/09/23 13:55:23 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/08/24 05:58:34 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/24 05:58:34 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/11 07:07:08 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/01/29 23:57:58 | 00,023,976 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007/11/15 07:56:08 | 00,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/11/05 20:57:46 | 00,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2007/06/21 20:54:52 | 00,394,984 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/05/23 03:15:00 | 00,547,744 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2007/03/29 08:38:42 | 00,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2006/11/06 17:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006/09/27 22:53:22 | 00,036,560 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/07/25 21:51:58 | 01,681,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/13 18:34:20 | 00,077,072 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600obex.sys -- (k600obex)
DRV - [2006/03/13 18:34:18 | 00,079,248 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600mgmt.sys -- (k600mgmt)
DRV - [2006/03/13 18:34:12 | 00,087,456 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600mdm.sys -- (k600mdm)
DRV - [2006/03/13 18:34:08 | 00,006,096 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600mdfl.sys -- (k600mdfl)
DRV - [2006/03/13 18:34:02 | 00,052,384 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600bus.sys -- (k600bus) Sony Ericsson 600i driver (WDM)
DRV - [2006/02/19 18:59:31 | 00,039,488 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Pcouffin.sys -- (Pcouffin)
DRV - [2006/01/26 16:32:18 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2005/10/21 02:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2005/10/16 07:00:00 | 00,012,928 | ---- | M] (Bo Brantén) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\filedisk.sys -- (FileDisk)
DRV - [2005/09/27 08:00:02 | 00,069,920 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2005/05/18 12:52:56 | 00,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2005/04/14 17:33:34 | 00,015,360 | ---- | M] (LaCie Group) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SlUSBFlt.sys -- (SlUSBFlt) Silver USB Filter (USB BUS Filter Driver)
DRV - [2005/03/16 13:43:06 | 00,159,488 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/03/15 16:04:00 | 00,161,792 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov530vid.sys -- (ovt530)
DRV - [2005/03/10 10:41:52 | 00,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/03/04 12:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/02/02 12:58:58 | 00,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/01/04 21:48:00 | 00,031,488 | R--- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwu2dtd.sys -- (HCWU2DTD)
DRV - [2004/12/21 20:40:00 | 00,016,768 | R--- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwusdtl.sys -- (HCWU2DTL)
DRV - [2004/12/15 16:18:34 | 00,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/12/15 16:18:28 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 16:18:26 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/12/08 10:46:14 | 00,013,715 | ---- | M] (LaCie Group S.A.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SlFilter.sys -- (SlFilter) Silver 1394 Filter (1394 BUS Filter Driver)
DRV - [2004/11/17 11:17:58 | 00,280,192 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/11/17 11:17:14 | 00,293,120 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/09/14 13:38:26 | 00,013,872 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/08/05 09:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/05 09:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/08/03 23:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004/08/03 22:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2004/07/08 11:10:06 | 00,053,816 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/04/14 06:36:50 | 00,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/03/17 12:04:14 | 00,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/11/28 17:34:40 | 00,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2003/09/19 02:21:00 | 00,084,608 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\drvmcdb.sys -- (drvmcdb)
DRV - [2003/08/01 13:47:24 | 00,029,239 | ---- | M] (Pinnacle Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vobid.sys -- (VOBID)
DRV - [2003/07/16 21:28:02 | 00,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003/06/06 10:46:16 | 00,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2002/11/28 15:18:04 | 00,015,360 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2002/11/28 11:43:49 | 00,022,016 | ---- | M] (Elaborate Bytes AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys -- (ElbyVCD)
DRV - [2002/07/17 08:53:02 | 00,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/10/22 11:18:36 | 00,017,600 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppaufd0.sys -- (dot4ufd)
DRV - [2001/08/23 16:21:42 | 00,036,937 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/07/13 12:56:14 | 00,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\S-1-5-21-2647311919-3796938599-2237506717-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\S-1-5-21-2647311919-3796938599-2237506717-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?source=gama&hl=fr"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.424
FF - prefs.js..extensions.enabledItems: {75493B06-1504-4976-9A55-B6FE240FF0BF}:2.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/11/03 08:49:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/09/12 17:01:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 18:58:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/29 18:58:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/24 20:11:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/03/29 18:11:35 | 00,000,000 | ---D | M]

[2008/08/29 08:22:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Mozilla\Extensions
[2009/12/15 13:41:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Mozilla\Firefox\Profiles\xx051o2v.default\extensions
[2009/03/03 17:20:51 | 00,000,000 | ---D | M] (Barre de confiance) -- C:\Documents and Settings\Benjamin LEROY\Application Data\Mozilla\Firefox\Profiles\xx051o2v.default\extensions\{75493B06-1504-4976-9A55-B6FE240FF0BF}
[2007/01/26 09:19:53 | 00,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Benjamin LEROY\Application Data\Mozilla\Firefox\Profiles\xx051o2v.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2007/10/01 16:36:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Mozilla\Firefox\Profiles\xx051o2v.default\extensions\videodowloader@videodownloader.net
[2009/12/15 13:41:25 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/10/25 09:17:00 | 00,237,568 | ---- | M] (Virtools SA) -- C:\Program Files\Mozilla Firefox\plugins\npvirtools.dll
[2008/08/29 08:21:43 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2008/04/01 20:06:47 | 00,002,151 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2008/11/18 11:12:06 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2008/08/29 08:21:43 | 00,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2008/08/29 08:21:43 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2008/08/29 08:21:43 | 00,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (0 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (bho2gr Class) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [fnacVOD] C:\Program Files\fnacVOD\fnacVOD.exe (GLOW ENTERTAINMENT GROUP SA)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006..\Run: [MediaDICO9Ut] C:\Program Files\Micro Application\9 Dictionnaires Utiles\LanceMediaDICO9Ut.exe (L'Aventure Multimedia)
O4 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006..\Run: [VoipBuster] C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe File not found
O4 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006..\Run: [ZagrebLand] C:\Documents and Settings\Benjamin LEROY\Local Settings\Temp\c.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Documents and Settings\Benjamin LEROY\Local Settings\Temp\nos_uninstall_Adobe.dll (NOS Microsystems Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Benjamin LEROY\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler.exe ()
O4 - Startup: C:\Documents and Settings\Benjamin LEROY\Menu Démarrer\Programmes\Démarrage\Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe (Pinnacle Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 8604240015 (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.photostation.fr/aurigma/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2_15)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} http://asp12.photoprintit.de/microsite/ ... oader3.cab (IP-Uploader Control)
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} http://securite-neufbox.sfr.fr/pchc/fscax.cab (F-Secure Health Check 1.0)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{027ff472-da09-11db-ad59-0014a51bd343}\Shell - "" = AutoRun
O33 - MountPoints2\{027ff472-da09-11db-ad59-0014a51bd343}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{2b005ef0-ebee-11db-ad63-0014a51bd343}\Shell - "" = AutoRun
O33 - MountPoints2\{2b005ef0-ebee-11db-ad63-0014a51bd343}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{cfe2b2ce-9849-11de-926b-0014a51bd343}\Shell\AutoRun\command - "" = I:\WDSetup.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\WDSetup.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/15 23:19:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Malwarebytes
[2009/12/15 23:19:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/15 23:19:30 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/15 23:19:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/15 23:19:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/15 18:54:32 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Benjamin LEROY\Bureau\mbam-setup.exe
[2009/12/15 18:52:31 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Benjamin LEROY\Bureau\OTL.exe
[2009/12/15 18:40:50 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2009/12/15 14:41:17 | 00,000,000 | ---D | C] -- C:\temps
[2009/12/14 16:36:52 | 00,000,000 | ---D | C] -- C:\Program Files\SimpleOCR
[2009/12/12 21:03:12 | 00,016,384 | ---- | C] (Philips Electronics) -- C:\WINDOWS\System32\drivers\Pronto2G.sys
[2009/12/12 21:02:56 | 00,110,592 | ---- | C] (TechSmith Corporation) -- C:\WINDOWS\System32\tsccvid.dll
[2009/12/12 21:00:59 | 00,000,000 | ---D | C] -- C:\Program Files\Philips
[2009/12/06 11:16:51 | 00,000,000 | ---D | C] -- C:\Program Files\Touch Screen Setup
[2009/12/05 23:46:38 | 00,000,000 | ---D | C] -- C:\Program Files\CCF Tools
[2009/12/05 19:44:32 | 00,000,000 | ---D | C] -- C:\Program Files\Marantz
[2009/12/03 18:34:18 | 00,000,000 | ---D | C] -- C:\Program Files\ProntoEdit4
[2009/09/30 11:18:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/09/30 11:13:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/08 16:09:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2008/08/20 16:40:09 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\LocalService\Application Data\wsnpoem
[2008/08/20 09:39:05 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\NetworkService\Application Data\wsnpoem
[2008/05/20 13:52:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/05/20 13:52:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/05/20 13:52:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/05/20 13:52:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1999/04/06 13:27:22 | 00,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Fichiers communs\IRAABOUT.DLL
[1998/12/09 03:53:54 | 00,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Fichiers communs\IRAREG.DLL
[1998/12/09 03:53:54 | 00,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Fichiers communs\IRAMDMTR.DLL
[1998/12/09 03:53:54 | 00,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Fichiers communs\IRALPTTR.DLL
[1998/12/09 03:53:54 | 00,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Fichiers communs\IRAWEBTR.DLL
[1998/12/09 03:53:54 | 00,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Fichiers communs\IRASRIAL.DLL
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/15 23:57:00 | 00,000,258 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009/12/15 23:23:34 | 00,001,070 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/15 23:19:35 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/12/15 19:04:00 | 00,000,302 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2009/12/15 18:54:57 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Benjamin LEROY\Bureau\mbam-setup.exe
[2009/12/15 18:52:33 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Benjamin LEROY\Bureau\OTL.exe
[2009/12/15 18:42:07 | 00,002,459 | ---- | M] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\HiJackThis.lnk
[2009/12/15 18:39:53 | 01,401,344 | ---- | M] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\HijackThis.msi
[2009/12/15 16:23:28 | 00,001,066 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/15 16:17:35 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/15 16:16:40 | 14,680,064 | -H-- | M] () -- C:\Documents and Settings\Benjamin LEROY\NTUSER.DAT
[2009/12/15 14:50:52 | 00,214,016 | ---- | M] () -- C:\WINDOWS\msa.exe
[2009/12/15 14:50:39 | 00,274,432 | ---- | M] () -- C:\WINDOWS\System32\sshnas.dll
[2009/12/15 13:19:04 | 46,651,868 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/15 13:19:04 | 00,123,979 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/14 22:46:59 | 00,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/14 22:46:59 | 00,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/14 22:46:29 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/14 22:46:28 | 00,440,490 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/12/14 22:46:28 | 00,061,930 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/12/14 22:36:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/14 22:36:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/14 22:36:27 | 10,722,22208 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/14 22:36:27 | 00,309,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/14 17:14:01 | 00,000,400 | ---- | M] () -- C:\WINDOWS\SoftWriting.ini
[2009/12/14 16:36:57 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\SimpleOCR.lnk
[2009/12/12 17:03:41 | 00,000,579 | ---- | M] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\Raccourci vers telco marantz pronto.lnk
[2009/12/10 14:56:54 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/10 08:48:30 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/08 12:12:48 | 00,092,232 | ---- | M] () -- C:\Documents and Settings\Benjamin LEROY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/07 23:00:57 | 00,203,264 | ---- | M] () -- C:\Documents and Settings\Benjamin LEROY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/05 19:44:32 | 00,000,743 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/12/03 18:39:21 | 00,000,040 | ---- | M] () -- C:\pronto.css
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/29 00:36:31 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2009/11/20 14:42:43 | 12,427,461 | ---- | M] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\le_baiser_du_dragon.zip
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/15 23:19:35 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/12/15 18:41:52 | 00,002,459 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\HiJackThis.lnk
[2009/12/15 18:39:52 | 01,401,344 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\HijackThis.msi
[2009/12/15 14:51:07 | 00,214,016 | ---- | C] () -- C:\WINDOWS\msa.exe
[2009/12/15 14:51:07 | 00,000,302 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2009/12/15 14:50:59 | 00,000,258 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009/12/15 14:50:39 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\sshnas.dll
[2009/12/14 16:36:57 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\SimpleOCR.lnk
[2009/12/14 16:36:57 | 00,000,400 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
[2009/12/12 17:03:41 | 00,000,579 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\Raccourci vers telco marantz pronto.lnk
[2009/12/03 18:39:21 | 00,000,040 | ---- | C] () -- C:\pronto.css
[2009/11/29 00:36:31 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2009/11/20 14:42:16 | 12,427,461 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\le_baiser_du_dragon.zip
[2009/02/22 09:40:32 | 00,000,619 | ---- | C] () -- C:\WINDOWS\Testexec.ini
[2009/02/22 09:40:30 | 00,484,704 | ---- | C] () -- C:\WINDOWS\System32\owl252.dll
[2008/12/29 11:12:10 | 00,003,932 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Local Settings\Application Data\FASTWiz.html
[2008/12/29 08:00:40 | 00,070,291 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Local Settings\Application Data\FASTWiz.log
[2008/08/01 16:40:45 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/08/01 16:35:22 | 00,000,812 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/07/16 16:24:34 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Application Data\$_hpcst$.hpc
[2008/03/23 19:04:04 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/03/08 15:18:35 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/01/09 14:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/31 15:54:15 | 00,055,313 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf
[2007/12/31 15:53:49 | 00,000,100 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2007/12/27 17:43:40 | 00,026,549 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2007/12/27 17:43:21 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2007/12/27 17:42:59 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2007/12/27 17:40:54 | 00,002,792 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2007/12/27 17:32:17 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2007/11/17 13:52:13 | 00,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2007/10/21 14:46:18 | 00,000,037 | ---- | C] () -- C:\WINDOWS\DeliveryReader.INI
[2007/09/24 15:21:45 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\eSABLDLG.dll
[2007/09/24 15:21:44 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\eSABLD.dll
[2007/09/24 15:20:56 | 00,135,168 | ---- | C] () -- C:\WINDOWS\eSINLD.dll
[2007/09/24 15:20:56 | 00,024,576 | ---- | C] () -- C:\WINDOWS\SPortLG.dll
[2007/09/24 15:20:56 | 00,020,480 | ---- | C] () -- C:\WINDOWS\eSINLDLG.dll
[2007/09/24 15:20:55 | 00,274,432 | ---- | C] () -- C:\WINDOWS\eSTsnmp.dll
[2007/09/24 15:20:49 | 00,010,154 | ---- | C] () -- C:\WINDOWS\FAXC_40c.ini
[2007/07/16 11:19:58 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\eSTsnmp.dll
[2007/04/18 09:36:52 | 00,000,963 | ---- | C] () -- C:\WINDOWS\CD_REEF.INI
[2007/01/27 15:21:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2006/12/27 16:47:08 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\Snmp_pp.dll
[2006/12/27 16:45:45 | 00,009,282 | ---- | C] () -- C:\WINDOWS\HUD1_40c.ini
[2006/10/10 10:42:28 | 00,000,680 | R--- | C] () -- C:\WINDOWS\hpw2800k.ini
[2006/10/10 10:40:13 | 00,019,905 | ---- | C] () -- C:\WINDOWS\hpbj2800.ini
[2006/10/10 10:39:40 | 00,005,367 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2006/09/17 22:28:28 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\NEOOCR.dll
[2006/09/17 22:28:28 | 00,002,769 | RHS- | C] () -- C:\Documents and Settings\Benjamin LEROY\Local Settings\Application Data\scpsv5.dll
[2006/09/07 22:28:41 | 00,001,519 | RHS- | C] () -- C:\Documents and Settings\Benjamin LEROY\Local Settings\Application Data\SCPSS5.DLL
[2006/08/30 20:47:35 | 00,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/08/30 20:46:21 | 00,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2006/08/25 21:51:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WinPM.INI
[2006/08/25 21:43:59 | 03,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2006/08/25 21:02:21 | 00,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2006/08/25 21:01:59 | 00,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2006/06/27 08:56:16 | 00,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/06/27 08:55:47 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/06/09 16:08:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\init.ini
[2006/03/20 07:52:46 | 00,000,743 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/20 07:52:46 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/03/20 07:42:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2006/03/16 19:03:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2006/02/21 07:24:04 | 00,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/20 08:44:15 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[2006/02/07 09:26:41 | 00,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2006/02/06 21:42:22 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/02/05 15:26:12 | 00,000,040 | ---- | C] () -- C:\WINDOWS\INTER.INI
[2006/01/31 08:00:09 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2006/01/26 16:41:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/01/26 16:23:41 | 00,001,968 | ---- | C] () -- C:\WINDOWS\Media9Ut.INI
[2006/01/26 16:22:55 | 00,000,106 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2006/01/25 18:10:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2006/01/24 19:08:29 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/01/17 07:05:10 | 00,203,264 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/15 04:33:58 | 00,000,212 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Application Data\wklnhst.dat
[2006/01/15 04:30:08 | 00,000,137 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Local Settings\Application Data\fusioncache.dat
[2005/12/14 15:54:20 | 00,007,912 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2005/08/12 22:57:09 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/05/23 10:47:10 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2005/05/23 03:30:52 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/23 03:30:52 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/23 03:30:52 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/23 03:30:52 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/23 03:30:52 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/23 03:30:52 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/23 03:20:42 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/12 09:33:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/17 10:37:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/17 10:30:22 | 00,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/06 03:10:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2003/10/03 11:18:40 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvSilva.dll
[2003/10/03 11:18:32 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvSena.dll
[2003/10/03 11:18:26 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvMlr.dll
[2003/10/03 11:18:18 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvMagellan.dll
[2003/10/03 11:18:12 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvGarmin.dll
[2003/10/03 08:13:40 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\Ogc.dll
[2003/09/25 00:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/09/25 00:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/02/27 13:37:48 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\Nmea.dll
[2002/11/25 14:11:22 | 00,688,128 | ---- | C] () -- C:\WINDOWS\System32\BCGCB474.dll
[2002/09/05 08:34:42 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\ConversApi.dll
[2002/06/10 10:53:42 | 00,000,160 | R--- | C] () -- C:\WINDOWS\pronto.ini
[2002/01/13 16:12:02 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\CP30FW.DLL
[2001/12/19 08:07:50 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\BCGCBResFRA.dll
[2000/10/20 13:25:36 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[1999/01/22 19:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 869 bytes -> C:\Documents and Settings\Benjamin LEROY\Cookies:LwxDV7CN2AzUWKsx6
@Alternate Data Stream - 866 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:AOazVp3qVnMEvmb64wY9oB9sJk
@Alternate Data Stream - 865 bytes -> C:\Program Files\Fichiers communs\Microsoft Shared:rHKYTudo9nu4wJ2dxn42A
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:CAF833B2B444A3DB
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 1010 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:gPUW4ZBRvC4sYFsG6TUbQg
@Alternate Data Stream - 1005 bytes -> C:\Program Files\WindowsUpdate:cZCF9MpYZ2PpzlprFTP
<End>
benyoyo
 
Posts: 8
Joined: 16 Dec 2009, 00:06

Post by benyoyo » 16 Dec 2009, 00:15

And finally, the contents of Extras.txt:

OTL Extras logfile created on: 15/12/2009 23:49:20 - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Benjamin LEROY\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1022,48 Mb Total Physical Memory | 341,85 Mb Available Physical Memory | 33,43% Memory free
2,40 Gb Paging File | 1,62 Gb Available in Paging File | 67,38% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 0,82 Gb Free Space | 1,10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 7,58 Mb Total Space | 7,58 Mb Free Space | 99,95% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZD8000
Current User Name: Benjamin LEROY
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.reg [@ = Regedit.Document] -- c:\Winnt\Regedit.exe File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access 0
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Enabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Enabled:MioNet Storage Device Discovery
"1701:TCP" = 1701:TCP:*:Enabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Enabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Enabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Enabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Enabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Enabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Enabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Enabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Enabled:MioNet Remote Drive Access 9
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\SimpleCopier\simplecopier.exe" = C:\Program Files\SimpleCopier\simplecopier.exe:*:Enabled:SimpleCopier -- File not found
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\SimpleCopier\simplecopier.exe" = C:\Program Files\SimpleCopier\simplecopier.exe:*:Enabled:SimpleCopier -- File not found
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe" = C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe:*:Enabled:Toolbox for HP Printing System for Windows -- (Hewlett-Packard Company)
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe" = C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner -- File not found
"C:\Program Files\MioNet\MioNetManager.exe" = C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager -- File not found
"C:\Program Files\MioNet\jvm\bin\MioNet.exe" = C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:MioNet -- File not found
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\Benjamin LEROY\Local Settings\Temp\Répertoire temporaire 1 pour SIPInside-0.4.9-binB.zip\SIPInside.exe" = C:\Documents and Settings\Benjamin LEROY\Local Settings\Temp\Répertoire temporaire 1 pour SIPInside-0.4.9-binB.zip\SIPInside.exe:*:Enabled:SIPInside -- File not found
"C:\Documents and Settings\Benjamin LEROY\Mes documents\SOFTS\tel sip\SIPInside\SIPInside.exe" = C:\Documents and Settings\Benjamin LEROY\Mes documents\SOFTS\tel sip\SIPInside\SIPInside.exe:*:Enabled:SIPInside -- ()
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" = C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Enabled:VoipBuster -- File not found
"C:\WINDOWS\system32\drivers\svchost.exe" = C:\WINDOWS\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\FileZilla\FileZilla.exe" = C:\Program Files\FileZilla\FileZilla.exe:*:Enabled:FileZilla -- ()
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Corporation)
"C:\Program Files\Freeplayer\vlc\vlc.exe" = C:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0000040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{087C9842-C815-49AD-BBC8-3EE3E12373D0}" = InstantCopy
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0E70CFA6-93E3-453F-B47C-855196C2589E}" = Logitech Harmony Remote Software 7
"{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}" = LS_HSI
"{16C65FAB-A00A-4372-838C-759646710519}" = Logitech Harmony Remote
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1ECD6EC8-7BB2-4CD5-A384-BAA371BC4D21}" = Volo View Express
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Hi-Def Suite
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2C7F7830-E66E-40D8-8E26-28FAFF288A29}" = ProntoEdit 4
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A2
"{4C136A31-7338-45CD-8B1E-09627C0B9BF0}" = HP Business Inkjet 2800
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{5783F2D7-0201-040C-0002-0060B0CE6BBA}" = AutoCAD 2004
"{5783F2D7-0211-0409-0000-0060B0CE6BBA}" = AutoCAD Express Tools Volumes 1-9
"{5783F2D7-5001-040C-0002-0060B0CE6BBA}" = AutoCAD 2007 - Français
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = TIxx21
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CEA4829-B955-4896-B1F2-AE4FC921EEFD}" = TOSHIBA e-STUDIO Series Fax
"{7148F0A8-6813-11D6-A77B-00B0D0142150}" = Java 2 Runtime Environment, SE v1.4.2_15
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7BA34FFD-B164-44BE-8E2A-D5D930AA990A}" = Scitor PSN8.5
"{802342C3-8E1C-4A8B-96C3-F98FD9B336D0}" = Micro Application - 9 Dictionnaires Utiles
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Connexion Facile à Internet
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8267D976-C14B-11D5-9B29-00B0D03AE649}" = Touch Screen Setup
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth
"{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A250D351-A07F-4D5D-AB6C-693C69B9BFAF}" = Hercules Webcam
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1.3 - Français
"{AD298C10-EED0-4075-A9F1-4C8C93ACBD08}" = Dora au pays des Contes de Fées
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B252ADE8-8F39-4CBD-89CB-5919008754FE}" = VC User CRT71 RTL X86 ---
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BE130CAB-F7AA-4660-96A2-6BCCE9743946}" = Sonic Backup MyPC Special Edition for HP
"{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 A2
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Try And Buy
"{DA2DEF22-8E99-449E-95BE-B6BA4BB50D66}" = ProntoProEdit NG Setup Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2
"{E1423608-F529-40A1-93CA-C7F396F30DF0}" = Google SketchUp
"{E4EB48BE-C5FF-48B3-923A-CEC2B33FB9E0}" = Marantz Wizz.it
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{F2E6EB42-B04D-4F63-853F-8016BF71B25A}" = VC User MFC71 RTL X86 ---
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE978B11-8733-4CC0-B40A-2F5A4B0B33A5}" = Dora La Cité Perdue
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"8648 Service Software" = 8648 Service Software
"AC3Filter" = AC3Filter (remove only)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"ArtRage Free_is1" = ArtRage 2.2 Free
"ATI Display Driver" = ATI Display Driver
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"AVG8Uninstall" = AVG Free 8.5
"BSPlayer1" = BSPlayer
"CCF Tools" = CCF Tools
"CdaC13Ba" = SafeCast Shared Components
"CDex" = CDex extraction audio
"CD-reef version S118 (édition 1999.4)" = CD-reef version S118 (édition 1999.4)
"CloneCD" = CloneCD
"CloneDVD.exe_is1" = CloneDVD 3.9.1
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3082103C" = Conexant Data Fax Modem with SmartCP
"Conexant PCI Audio" = Conexant AC-97 Audio
"Cortona® VRML Client" = Cortona® VRML Client
"dBpoweramp Renaissance uPlayer" = dBpoweramp Renaissance uPlayer
"Démo Les Tibidous - Eveil 2-4 ans" = Démo Les Tibidous - Eveil 2-4 ans
"DVDFab Decrypter_is1" = DVDFab Decrypter 3.0.5.5
"DynDNS Updater_is1" = DynDNS Updater 3.1
"EasyRecovery" = EasyRecovery Professional Edition
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"FileZilla" = FileZilla (remove only)
"FLVPlayer" = FLV Player 1.3.3
"fnacVOD" = Désinstallation du Vidéo à la Demande
"Folder Guide" = Folder Guide
"Ftp-It" = Ftp-It
"Gcompris" = GCompris (supprimer uniquement)
"GetRight" = GetRight
"GMailFS" = GMail Drive Shell Extension
"GSpot" = GSpot Codec Information Appliance
"GTK 2.0" = Bibliothèques GTK+ 2.6.10 rev a (supprimer uniquement)
"hMailServer_is1" = hMailServer 5.0-B326
"hp business inkjet 2800 series" = HP Business Inkjet 2800 series
"hp color inkjet cp1700 unistaller" = Programme de désinstallation HP Color Inkjet CP1700
"HPTestExecUninstall" = HP8648
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InfraRecorder" = InfraRecorder
"Inkscape" = Inkscape 0.45.1
"InstallShield_{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Connexion Facile à Internet
"InstallShield_{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"InstallShield_{E4EB48BE-C5FF-48B3-923A-CEC2B33FB9E0}" = Marantz Wizz.it
"LaCie Device Updater" = LaCie Device Updater
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mini Digital Signal Generator" = Mini Digital Signal Generator
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"neuf_VOD" = Désinstallation du Lecteur Neuf VOD
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
"Photocopier_is1" = Photocopier 3.02
"ProntoProEdit NG" = ProntoProEdit NG
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"ReClock" = ReClock (remove only)
"Room Arranger" = Room Arranger
"Serials 2000 v6.0" = Serials 2000 v6.0
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SimpleOCR 3.1" = SimpleOCR 3.1
"SmartRipper" = SmartRipper 2.41 Fr
"Sweet Home 3D_is1" = Sweet Home 3D version 2.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tux Paint Stamps_is1" = Tux Paint Stamps 2005-11-25
"Tux Paint_is1" = Tux Paint 0.9.17
"TYPSoft FTP Server_is1" = TYPSoft FTP Server
"Virtools3DLifePlayer" = Virtools 3D Life Player
"Web Media Player_is1" = Web Media Player 0.61.1
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Winmail Opener" = Winmail Opener 1.1
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD 1.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2647311919-3796938599-2237506717-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diettes et tics 3.3" = Diettes et tics 3.3
"WinImage" = WinImage

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/04/2009 09:27:53 | Computer Name = ZD8000 | Source = Application Hang | ID = 1002
Description = Application bloquée thunderbird.exe, version 1.8.20090.30215, module
bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 09/04/2009 09:28:03 | Computer Name = ZD8000 | Source = Application Hang | ID = 1002
Description = Application bloquée thunderbird.exe, version 1.8.20090.30215, module
bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 09/04/2009 15:35:10 | Computer Name = ZD8000 | Source = Application Error | ID = 1000
Description = Application défaillante psn8.exe, version 8.5.1.5, module défaillant
psn8.exe, version 8.5.1.5, adresse de défaillance 0x0039fc16.

Error - 13/04/2009 12:34:00 | Computer Name = ZD8000 | Source = Application Hang | ID = 1002
Description = Application bloquée thunderbird.exe, version 1.8.20090.30215, module
bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 15/04/2009 12:10:47 | Computer Name = ZD8000 | Source = Application Hang | ID = 1002
Description = Application bloquée AcroRd32.exe, version 9.1.0.163, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 16/04/2009 03:41:40 | Computer Name = ZD8000 | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 9.0.0.2823, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 29/04/2009 06:40:07 | Computer Name = ZD8000 | Source = Application Error | ID = 1000
Description = Application défaillante avgcsrvx.exe, version 8.0.0.223, module défaillant
avgcorex.dll, version 8.0.0.237, adresse de défaillance 0x001c158a.

Error - 30/04/2009 05:22:03 | Computer Name = ZD8000 | Source = Application Error | ID = 1000
Description = Application défaillante winword.exe, version 9.0.0.2823, module défaillant
winword.exe, version 9.0.0.2823, adresse de défaillance 0x00184abb.

Error - 05/05/2009 06:40:42 | Computer Name = ZD8000 | Source = Application Error | ID = 1000
Description = Application défaillante avgcsrvx.exe, version 8.0.0.223, module défaillant
avgcorex.dll, version 8.0.0.237, adresse de défaillance 0x001c15c4.

Error - 11/05/2009 02:02:19 | Computer Name = ZD8000 | Source = Application Error | ID = 1000
Description = Application défaillante skype.exe, version 3.8.0.180, module défaillant
skype.exe, version 3.8.0.180, adresse de défaillance 0x002b3ffd.

[ System Events ]
Error - 15/12/2009 18:23:28 | Computer Name = ZD8000 | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 15/12/2009 18:23:41 | Computer Name = ZD8000 | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 15/12/2009 18:23:48 | Computer Name = ZD8000 | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 15/12/2009 18:23:54 | Computer Name = ZD8000 | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 15/12/2009 18:24:01 | Computer Name = ZD8000 | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 15/12/2009 18:30:50 | Computer Name = ZD8000 | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk1\D.

Error - 15/12/2009 18:48:38 | Computer Name = ZD8000 | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 15/12/2009 18:48:38 | Computer Name = ZD8000 | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 15/12/2009 18:48:45 | Computer Name = ZD8000 | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Error - 15/12/2009 18:48:51 | Computer Name = ZD8000 | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.


<End>


Thanks in advance for any answers you can give me.
Regards,
benyoyo

Posts: 8
Joined: 16 Dec 2009, 00:06

Post by nickW » 16 Dec 2009, 01:28

Good evening,

New, targeted search:

Note: These steps must be carried out from a session opened with "Administrator rights" (do not use the user profile named "Administrator" that is visible in safe mode).
Under Windows XP, to check whether an account has "Administrator" rights:
Start---->Settings---->Control Panel---->User Accounts
Next to the icon for some accounts (other than the one named "Administrator"), "Computer administrator" is shown.
One of those accounts is the one to use.



Step 1: Show all files
Check that your PC really does show all files
http://assiste.com.free.fr/p/comment/co ... aches.html


Step 2: CCleaner
Download and install CCleaner Slim into a dedicated folder, for example SystemDrive\ccleaner
[SystemDrive stands for the partition on which the system is installed, usually C:]
Download page: http://www.ccleaner.com/download/builds

Launch the program.
Note: there is no need to change any settings other than those described below:
If necessary, go to Options - Properties submenu and choose the language: French.
*- In the Cleaner menu - Windows tab, tick:
Internet Explorer: Temporary Internet Files, Cookies
System: Empty Recycle Bin, Temporary Files, Clipboard
Advanced: Old Prefetch data
*- In the Options menu - Advanced submenu, untick:
Only delete Windows temporary files older than 24 hours
*- In the Cleaner menu - Applications tab, tick:
Internet: Sun Java
*- If possible, in the Cleaner menu - Applications tab, tick:
Mozilla Firefox: Internet Cache, Cookies

Close all browser windows (Internet Explorer, Firefox, etc.).
Click Analyze
In the Options menu - Cookies submenu, move the cookies you absolutely want to keep into the right-hand panel.
Then, in the Cleaner menu, click the Clean button.
Close the program.


Step 3: SmitFraudFix (by S!ri), option 1: Search

Important preliminary note:
SmitFraudFix is detected by some antivirus products as a RiskTool.
This is accurate, since some of its components, if they fell into the wrong hands, could carry out dangerous actions.
In the case of SmitFraudFix, they must be allowed to run and, if necessary, the real-time protection programs must be temporarily disabled (while downloading and running the tool).


Download SmitFraudFix from http://siri.urz.free.fr/Fix/SmitfraudFix.exe
or http://siri.geekstogo.com/SmitfraudFix.exe
Save this file to the Desktop.

Double-click SmitfraudFix.exe to launch the tool.
Press any key after reading the warning message.
Once the menu is displayed, type 1 and press Enter to search for the files responsible for the infection.


Step 4: Result
Send in your reply:
*- the SmitFraudFix report (contents of the file SystemDrive\rapport.txt)
[SystemDrive stands for the partition on which the system is installed, usually C:]
Important note:
If this SmitFraudFix report contains dozens of lines beginning with "127.0.0.1", do not send all of them to the forum.
Send only the first 15 lines beginning with "127.0.0.1" along with the rest of the log.


To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
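
The trimming rule from step 4 of the post above, as an added example that is not part of the original thread: it keeps the first 15 lines beginning with "127.0.0.1" plus every other line, and counts what was dropped per report section. The function names, the sample report and its `blocked-NN.example` host names are constructed for illustration; the `»»»` section headers follow the SmitFraudFix report layout shown on this page.

```python
import re

# Section headers in the report look like "»»»»»»»»»» hosts".
SECTION_RE = re.compile(r"^»{3,}\s*(.*?)\s*$")
# A line "beginning with 127.0.0.1": the address followed by whitespace or end of line,
# so that e.g. 127.0.0.10 is not counted by mistake.
LOOPBACK_RE = re.compile(r"^\s*127\.0\.0\.1(?:\s|$)")


def trim_loopback_lines(report, keep=15):
    """Return (trimmed_text, omitted).

    trimmed_text keeps the first `keep` lines beginning with 127.0.0.1 and all
    other lines unchanged. omitted maps section title -> number of dropped
    lines, so the person posting can say how much was left out and where.
    """
    title = "header"          # text before the first »»» header
    kept = 0
    omitted = {}
    out = []
    for line in report.splitlines():
        section = SECTION_RE.match(line)
        if section:
            title = section.group(1)
        elif LOOPBACK_RE.match(line):
            if kept >= keep:
                omitted[title] = omitted.get(title, 0) + 1
                continue      # drop this loopback line
            kept += 1
        out.append(line)
    return "\n".join(out), omitted


def constructed_report(n_hosts=40):
    """Build a small, constructed report (not real tool output) for the demo."""
    lines = [
        "SmitFraudFix v2.424",
        "",
        "»»»»»»»»»»»»»»»»»»»»»»»» Process",
        "",
        "C:\\WINDOWS\\system32\\winlogon.exe",
        "",
        "»»»»»»»»»»»»»»»»»»»»»»»» hosts",
        "",
    ]
    lines += [f"127.0.0.1       blocked-{i:02d}.example" for i in range(n_hosts)]
    lines += [
        "",
        "»»»»»»»»»»»»»»»»»»»»»»»» DNS",
        "",
        "DNS Server Search Order: 192.168.1.1",
        "",
        "»»»»»»»»»»»»»»»»»»»»»»»» Fin",
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    trimmed, omitted = trim_loopback_lines(constructed_report())
    print(trimmed)
    for section_title, count in omitted.items():
        print(f"[{count} more 127.0.0.1 lines omitted from section '{section_title}']")
```
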

SmitFraudFix report

Post by benyoyo » 16 Dec 2009, 10:22

Hello,

thank you for this extremely quick reply.
I followed the instructions and here is the SmitFraudFix report.


SmitFraudFix v2.424

Rapport fait à 10:14:39,56, 16/12/2009
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\hMailServer\Bin\hMailServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\msa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Benjamin LEROY


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\BENJAM~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Benjamin LEROY\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\BENJAM~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 802.11b/g WLAN - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.10.102
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6647DCE1-0B07-4EC6-A966-561A2657893B}: NameServer=212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B163DAA0-1C1E-4F7F-A0FC-6B56E202D799}: NameServer=192.168.10.102,212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B8B69349-89DF-45BB-8EE7-36DF41955E1F}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6647DCE1-0B07-4EC6-A966-561A2657893B}: NameServer=212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B163DAA0-1C1E-4F7F-A0FC-6B56E202D799}: NameServer=192.168.10.102,212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B8B69349-89DF-45BB-8EE7-36DF41955E1F}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6647DCE1-0B07-4EC6-A966-561A2657893B}: NameServer=212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B163DAA0-1C1E-4F7F-A0FC-6B56E202D799}: NameServer=192.168.10.102,212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B8B69349-89DF-45BB-8EE7-36DF41955E1F}: NameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


Thanks again.
And thanks in advance for what comes next.
Benjamin
benyoyo
 
Posts: 8
Joined: 16 Dec 2009, 00:06

Post by benyoyo » 19 Dec 2009, 18:16

Good evening,

Is there a next step in the "cleaning" procedure after the SmitfraudFix scan?

The pop-up problem no longer seems to occur lately, but AVG has repeatedly detected trojans.
Should I just trust it to remove them, or should I wait to hear from you?

Thanks for your help.


Oh yes, and UP!...

Post by nickW » 20 Dec 2009, 01:47

Good evening,

1/ Did you use anything other than option 1 of SmitfraudFix?


2/ Can you give me details on what AVG is detecting?


3/ New steps:

Step 1: No real-time monitoring processes
Disable the resident module of the antivirus and that of the antispyware.
AVG: open AVG Control Center, double-click "AVG Resident Shield", untick "Turn on AVG Resident Shield"
Ad-Watch: right-click the icon in the system tray (next to the clock), click Close Ad-Watch


Step 2: Malwarebytes' Anti-Malware, cleaning
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start menu.
In the "Paramètres" (Settings) tab, check that all boxes are ticked except "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)".
In the "Mise à jour" (Update) tab, click the "Recherche de mise à jour" button and install all updates found.
In the "Recherche" (Scan) tab, select the radio button in front of "Exécuter un examen rapide" (quick scan), then click the "Rechercher" button.
Wait for the scan to finish without doing anything else; in the window announcing the end of the scan, click OK; then click the "Afficher les résultats" button.

If malicious items were detected, click the "Supprimer la sélection" button.
Wait patiently, without doing anything else, for the cleaning to finish.
A restart is sometimes required. Accept.
A Notepad window opens to display the report. Close Notepad.
Click the "Quitter" button to close Malwarebytes' Anti-Malware.


Step 3: Real-time monitoring processes
Important: Re-enable the resident module of the antivirus and that of the antispyware.


Step 4: OTL (by OldTimer), quick scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The OTL main screen is displayed.

Click the Quick Scan button.


Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 5: Results
Send in reply:
*- the Malwarebytes' Anti-Malware log (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<tonprofil>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs, where ****-**-** (**-**-**) represents the date [year-month-day] and the time [hh-mn-ss])
[SystemDrive represents the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the length of the log):
*- the main OTL report (contents of the file OTL.Txt located on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Répondre" (Reply) button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by benyoyo » 21 Dec 2009, 14:00

Hello,
thanks for the reply.

nickW wrote: 1/ Did you use anything other than option 1 of SmitfraudFix?


No (at least not to my knowledge, or not intentionally).


nickW wrote: 2/ Can you give me details on what AVG is detecting?


I'm attaching a screenshot of the critters detected.

[Screenshot: http://picasaweb.google.com/lh/photo/XyJoQI7OewJZMbvTFjOctA?authkey=Gv1sRgCK7Tp5TshZyYUg&feat=embedwebsite, from the album "logs temporaires"]

3/ New steps:


Here are the logs with the results of these scans.

For Malwarebytes:

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3401
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

21/12/2009 10:21:32
mbam-log-2009-12-21 (10-21-32).txt

Type de recherche: Examen rapide
Eléments examinés: 133307
Temps écoulé: 10 minute(s), 33 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ZagrebLand (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Videocan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zagrebland (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\LocalService\Application Data\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benjamin LEROY\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Post by benyoyo » 21 Dec 2009, 14:01

And next, the OTL logs.

OTL logfile created on: 21/12/2009 10:44:08 - Run 2
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Benjamin LEROY\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1022,48 Mb Total Physical Memory | 349,72 Mb Available Physical Memory | 34,20% Memory free
2,40 Gb Paging File | 1,91 Gb Available in Paging File | 79,61% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 0,89 Gb Free Space | 1,19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 7,58 Mb Total Space | 7,58 Mb Free Space | 99,95% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZD8000
Current User Name: Benjamin LEROY
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/15 18:52:33 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Benjamin LEROY\Bureau\OTL.exe
PRC - [2009/12/12 17:03:34 | 02,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/12/09 18:22:39 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/09 18:22:36 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/09/14 08:30:11 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/14 08:30:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/24 05:58:35 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/24 05:58:34 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/24 05:58:28 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/24 05:58:26 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/24 05:58:15 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/01/28 12:22:20 | 04,751,360 | ---- | M] (hMailServer) -- C:\Program Files\hMailServer\Bin\hMailServer.exe
PRC - [2008/12/08 14:50:04 | 00,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
PRC - [2008/09/23 13:17:08 | 00,076,744 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2008/09/23 13:17:06 | 21,755,688 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2008/09/12 17:00:48 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
PRC - [2007/11/16 19:20:26 | 00,091,432 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2007/10/28 09:35:48 | 00,072,736 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2007/06/13 14:22:28 | 01,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/24 07:57:21 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2006/07/25 21:44:12 | 00,401,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/01/26 16:32:16 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2005/05/23 03:36:12 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2005/04/01 14:11:14 | 00,794,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005/03/08 20:05:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/03/04 11:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\Shared\hpqwmi.exe
PRC - [2005/02/22 15:32:14 | 00,038,912 | ---- | M] () -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2005/02/02 13:12:22 | 00,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/02/02 13:11:12 | 00,692,316 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/12/03 12:24:20 | 00,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/10/13 15:04:14 | 00,278,528 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2004/10/13 15:03:54 | 00,327,680 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2004/08/05 09:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2004/08/05 09:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2002/12/02 15:17:37 | 00,073,728 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
PRC - [1999/04/06 13:27:42 | 00,046,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/15 18:52:33 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Benjamin LEROY\Bureau\OTL.exe
MOD - [2006/08/25 16:51:12 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/02/02 13:12:14 | 00,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/09 18:22:36 | 01,184,912 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/30 11:12:57 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Service Google Update (gupdate)
SRV - [2009/09/14 08:30:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/24 05:58:26 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/24 05:58:15 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/01/28 12:22:20 | 04,751,360 | ---- | M] (hMailServer) [Auto | Running] -- C:\Program Files\hMailServer\Bin\hMailServer.exe -- (hMailServer)
SRV - [2007/03/28 20:29:50 | 00,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/07/25 21:44:12 | 00,401,408 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/01/26 16:32:16 | 00,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/04 11:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\HPQ\Shared\hpqwmi.exe -- (hpqwmi)
SRV - [2005/02/22 15:32:14 | 00,038,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2004/10/13 15:03:54 | 00,327,680 | ---- | M] (Apple Computer, Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2004/01/23 12:53:30 | 00,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE -- (Pml Driver HPZ12)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\S-1-5-21-2647311919-3796938599-2237506717-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\S-1-5-21-2647311919-3796938599-2237506717-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/webhp?rls=ig"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.424
FF - prefs.js..extensions.enabledItems: {75493B06-1504-4976-9A55-B6FE240FF0BF}:2.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/11/03 08:49:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/09/12 17:01:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 09:51:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 09:51:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/24 20:11:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/03/29 18:11:35 | 00,000,000 | ---D | M]

[2008/08/29 08:22:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Mozilla\Extensions
[2009/12/20 19:37:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Mozilla\Firefox\Profiles\xx051o2v.default\extensions
[2009/03/03 17:20:51 | 00,000,000 | ---D | M] (Barre de confiance) -- C:\Documents and Settings\Benjamin LEROY\Application Data\Mozilla\Firefox\Profiles\xx051o2v.default\extensions\{75493B06-1504-4976-9A55-B6FE240FF0BF}
[2007/01/26 09:19:53 | 00,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Benjamin LEROY\Application Data\Mozilla\Firefox\Profiles\xx051o2v.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2007/10/01 16:36:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Mozilla\Firefox\Profiles\xx051o2v.default\extensions\videodowloader@videodownloader.net
[2009/12/20 19:37:28 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/10/25 09:17:00 | 00,237,568 | ---- | M] (Virtools SA) -- C:\Program Files\Mozilla Firefox\plugins\npvirtools.dll
[2008/08/29 08:21:43 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2008/04/01 20:06:47 | 00,002,151 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2008/11/18 11:12:06 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2008/08/29 08:21:43 | 00,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2008/08/29 08:21:43 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2008/08/29 08:21:43 | 00,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (0 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (bho2gr Class) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [fnacVOD] C:\Program Files\fnacVOD\fnacVOD.exe (GLOW ENTERTAINMENT GROUP SA)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006..\Run: [MediaDICO9Ut] C:\Program Files\Micro Application\9 Dictionnaires Utiles\LanceMediaDICO9Ut.exe (L'Aventure Multimedia)
O4 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006..\Run: [VoipBuster] C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe File not found
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Documents and Settings\Benjamin LEROY\Local Settings\Temp\nos_uninstall_Adobe.dll (NOS Microsystems Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Benjamin LEROY\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler.exe ()
O4 - Startup: C:\Documents and Settings\Benjamin LEROY\Menu Démarrer\Programmes\Démarrage\Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe (Pinnacle Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-2647311919-3796938599-2237506717-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 8604240015 (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.photostation.fr/aurigma/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2_15)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} http://asp12.photoprintit.de/microsite/ ... oader3.cab (IP-Uploader Control)
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} http://securite-neufbox.sfr.fr/pchc/fscax.cab (F-Secure Health Check 1.0)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{027ff472-da09-11db-ad59-0014a51bd343}\Shell - "" = AutoRun
O33 - MountPoints2\{027ff472-da09-11db-ad59-0014a51bd343}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{2b005ef0-ebee-11db-ad63-0014a51bd343}\Shell - "" = AutoRun
O33 - MountPoints2\{2b005ef0-ebee-11db-ad63-0014a51bd343}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{cfe2b2ce-9849-11de-926b-0014a51bd343}\Shell\AutoRun\command - "" = I:\WDSetup.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\WDSetup.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/16 09:20:22 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/12/16 09:18:19 | 00,000,000 | ---D | C] -- C:\CCleaner
[2009/12/15 23:19:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Malwarebytes
[2009/12/15 23:19:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/15 23:19:30 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/15 23:19:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/15 23:19:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/15 18:54:32 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Benjamin LEROY\Bureau\mbam-setup.exe
[2009/12/15 18:52:31 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Benjamin LEROY\Bureau\OTL.exe
[2009/12/15 18:40:50 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2009/12/15 14:41:17 | 00,000,000 | ---D | C] -- C:\temps
[2009/12/14 16:36:52 | 00,000,000 | ---D | C] -- C:\Program Files\SimpleOCR
[2009/12/12 21:03:12 | 00,016,384 | ---- | C] (Philips Electronics) -- C:\WINDOWS\System32\drivers\Pronto2G.sys
[2009/12/12 21:02:56 | 00,110,592 | ---- | C] (TechSmith Corporation) -- C:\WINDOWS\System32\tsccvid.dll
[2009/12/12 21:00:59 | 00,000,000 | ---D | C] -- C:\Program Files\Philips
[2009/09/30 11:18:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/09/30 11:13:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/08 16:09:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2008/05/20 13:52:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/05/20 13:52:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/05/20 13:52:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/05/20 13:52:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1999/04/06 13:27:22 | 00,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Fichiers communs\IRAABOUT.DLL
[1998/12/09 03:53:54 | 00,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Fichiers communs\IRAREG.DLL
[1998/12/09 03:53:54 | 00,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Fichiers communs\IRAMDMTR.DLL
[1998/12/09 03:53:54 | 00,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Fichiers communs\IRALPTTR.DLL
[1998/12/09 03:53:54 | 00,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Fichiers communs\IRAWEBTR.DLL
[1998/12/09 03:53:54 | 00,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Fichiers communs\IRASRIAL.DLL
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/21 10:41:08 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/21 10:31:19 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/21 10:27:23 | 00,001,066 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/21 10:24:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/21 10:24:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/21 10:24:19 | 10,722,22208 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/21 10:23:11 | 14,942,208 | -H-- | M] () -- C:\Documents and Settings\Benjamin LEROY\NTUSER.DAT
[2009/12/21 09:23:31 | 00,001,070 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/21 09:17:15 | 46,855,652 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/21 09:17:15 | 00,127,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/19 17:20:37 | 00,203,264 | ---- | M] () -- C:\Documents and Settings\Benjamin LEROY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/16 10:14:48 | 00,004,456 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/12/16 10:13:47 | 01,872,472 | ---- | M] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\SmitfraudFix.exe
[2009/12/16 09:20:28 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\CCleaner.lnk
[2009/12/15 23:19:35 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/12/15 18:54:57 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Benjamin LEROY\Bureau\mbam-setup.exe
[2009/12/15 18:52:33 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Benjamin LEROY\Bureau\OTL.exe
[2009/12/15 18:42:07 | 00,002,459 | ---- | M] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\HiJackThis.lnk
[2009/12/15 18:39:53 | 01,401,344 | ---- | M] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\HijackThis.msi
[2009/12/14 22:46:59 | 00,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/14 22:46:59 | 00,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/14 22:46:29 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/14 22:46:28 | 00,440,490 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/12/14 22:46:28 | 00,061,930 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/12/14 22:36:27 | 00,309,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/14 17:14:01 | 00,000,400 | ---- | M] () -- C:\WINDOWS\SoftWriting.ini
[2009/12/14 16:36:57 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\SimpleOCR.lnk
[2009/12/12 17:03:41 | 00,000,579 | ---- | M] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\Raccourci vers telco marantz pronto.lnk
[2009/12/10 08:48:30 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/08 12:12:48 | 00,092,232 | ---- | M] () -- C:\Documents and Settings\Benjamin LEROY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/16 10:14:48 | 00,004,456 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/12/16 10:13:30 | 01,872,472 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\SmitfraudFix.exe
[2009/12/16 09:20:28 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\CCleaner.lnk
[2009/12/15 23:19:35 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/12/15 18:41:52 | 00,002,459 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\HiJackThis.lnk
[2009/12/15 18:39:52 | 01,401,344 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\HijackThis.msi
[2009/12/14 16:36:57 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\SimpleOCR.lnk
[2009/12/14 16:36:57 | 00,000,400 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
[2009/12/12 17:03:41 | 00,000,579 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Bureau\Raccourci vers telco marantz pronto.lnk
[2009/02/22 09:40:32 | 00,000,619 | ---- | C] () -- C:\WINDOWS\Testexec.ini
[2009/02/22 09:40:30 | 00,484,704 | ---- | C] () -- C:\WINDOWS\System32\owl252.dll
[2008/12/29 11:12:10 | 00,003,932 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Local Settings\Application Data\FASTWiz.html
[2008/12/29 08:00:40 | 00,070,291 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Local Settings\Application Data\FASTWiz.log
[2008/08/01 16:40:45 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/08/01 16:35:22 | 00,000,812 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/07/16 16:24:34 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Application Data\$_hpcst$.hpc
[2008/03/23 19:04:04 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/03/08 15:18:35 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/01/09 14:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/31 15:54:15 | 00,055,313 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf
[2007/12/31 15:53:49 | 00,000,100 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2007/12/27 17:43:40 | 00,026,549 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2007/12/27 17:43:21 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2007/12/27 17:42:59 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2007/12/27 17:40:54 | 00,002,792 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2007/12/27 17:32:17 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2007/11/17 13:52:13 | 00,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2007/10/21 14:46:18 | 00,000,037 | ---- | C] () -- C:\WINDOWS\DeliveryReader.INI
[2007/09/24 15:21:45 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\eSABLDLG.dll
[2007/09/24 15:21:44 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\eSABLD.dll
[2007/09/24 15:20:56 | 00,135,168 | ---- | C] () -- C:\WINDOWS\eSINLD.dll
[2007/09/24 15:20:56 | 00,024,576 | ---- | C] () -- C:\WINDOWS\SPortLG.dll
[2007/09/24 15:20:56 | 00,020,480 | ---- | C] () -- C:\WINDOWS\eSINLDLG.dll
[2007/09/24 15:20:55 | 00,274,432 | ---- | C] () -- C:\WINDOWS\eSTsnmp.dll
[2007/09/24 15:20:49 | 00,010,154 | ---- | C] () -- C:\WINDOWS\FAXC_40c.ini
[2007/07/16 11:19:58 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\eSTsnmp.dll
[2007/04/18 09:36:52 | 00,000,963 | ---- | C] () -- C:\WINDOWS\CD_REEF.INI
[2007/01/27 15:21:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2006/12/27 16:47:08 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\Snmp_pp.dll
[2006/12/27 16:45:45 | 00,009,282 | ---- | C] () -- C:\WINDOWS\HUD1_40c.ini
[2006/10/10 10:42:28 | 00,000,680 | R--- | C] () -- C:\WINDOWS\hpw2800k.ini
[2006/10/10 10:40:13 | 00,019,905 | ---- | C] () -- C:\WINDOWS\hpbj2800.ini
[2006/10/10 10:39:40 | 00,005,367 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2006/09/17 22:28:28 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\NEOOCR.dll
[2006/09/17 22:28:28 | 00,002,769 | RHS- | C] () -- C:\Documents and Settings\Benjamin LEROY\Local Settings\Application Data\scpsv5.dll
[2006/09/07 22:28:41 | 00,001,519 | RHS- | C] () -- C:\Documents and Settings\Benjamin LEROY\Local Settings\Application Data\SCPSS5.DLL
[2006/08/30 20:47:35 | 00,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/08/30 20:46:21 | 00,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2006/08/25 21:51:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WinPM.INI
[2006/08/25 21:43:59 | 03,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2006/08/25 21:02:21 | 00,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2006/08/25 21:01:59 | 00,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2006/06/27 08:56:16 | 00,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/06/27 08:55:47 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/06/09 16:08:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\init.ini
[2006/03/20 07:52:46 | 00,000,743 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/20 07:52:46 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/03/20 07:42:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2006/03/16 19:03:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2006/02/21 07:24:04 | 00,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/20 08:44:15 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[2006/02/07 09:26:41 | 00,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2006/02/06 21:42:22 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/02/05 15:26:12 | 00,000,040 | ---- | C] () -- C:\WINDOWS\INTER.INI
[2006/01/31 08:00:09 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2006/01/26 16:41:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/01/26 16:23:41 | 00,001,968 | ---- | C] () -- C:\WINDOWS\Media9Ut.INI
[2006/01/26 16:22:55 | 00,000,106 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2006/01/25 18:10:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2006/01/24 19:08:29 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/01/17 07:05:10 | 00,203,264 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/15 04:33:58 | 00,000,212 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Application Data\wklnhst.dat
[2006/01/15 04:30:08 | 00,000,137 | ---- | C] () -- C:\Documents and Settings\Benjamin LEROY\Local Settings\Application Data\fusioncache.dat
[2005/12/14 15:54:20 | 00,007,912 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2005/08/12 22:57:09 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/05/23 10:47:10 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2005/05/23 03:30:52 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/23 03:30:52 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/23 03:30:52 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/23 03:30:52 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/23 03:30:52 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/23 03:30:52 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/23 03:20:42 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/12 09:33:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/17 10:37:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/17 10:30:22 | 00,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/06 03:10:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2003/10/03 11:18:40 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvSilva.dll
[2003/10/03 11:18:32 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvSena.dll
[2003/10/03 11:18:26 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvMlr.dll
[2003/10/03 11:18:18 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvMagellan.dll
[2003/10/03 11:18:12 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\OgcDrvGarmin.dll
[2003/10/03 08:13:40 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\Ogc.dll
[2003/09/25 00:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/09/25 00:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/02/27 13:37:48 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\Nmea.dll
[2002/11/25 14:11:22 | 00,688,128 | ---- | C] () -- C:\WINDOWS\System32\BCGCB474.dll
[2002/09/05 08:34:42 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\ConversApi.dll
[2002/06/10 10:53:42 | 00,000,160 | R--- | C] () -- C:\WINDOWS\pronto.ini
[2002/01/13 16:12:02 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\CP30FW.DLL
[2001/12/19 08:07:50 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\BCGCBResFRA.dll
[2000/10/20 13:25:36 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[1999/01/22 19:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2007/01/10 06:47:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN_REZO\Application Data\HotSync
[2007/01/10 06:48:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN_REZO\Application Data\Teleca
[2007/03/28 20:23:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/05/20 13:54:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2006/12/02 11:00:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2007/10/19 21:22:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2006/12/28 22:46:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2008/03/07 18:02:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Participatory Culture Foundation
[2008/01/24 17:45:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
[2008/03/08 15:18:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/08/28 09:59:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/15 17:46:39 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2007/04/25 17:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Ambient Design
[2007/03/28 20:23:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Autodesk
[2006/03/10 06:57:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Azureus
[2009/09/25 14:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Canon
[2008/12/02 11:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Cctp
[2009/11/05 21:35:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\dBpoweramp
[2008/01/24 18:04:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Delivery
[2007/04/25 17:24:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\gtk-2.0
[2006/12/02 10:57:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\HotSync
[2008/09/22 13:44:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\InfraRecorder
[2007/04/25 17:23:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Inkscape
[2006/01/15 04:39:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\InterVideo
[2007/11/15 20:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Kana Solution
[2006/01/15 05:11:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Leadertech
[2006/12/28 22:46:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\PACE Anti-Piracy
[2008/03/07 18:03:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Participatory Culture Foundation
[2008/03/07 18:11:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\PCF-VLC
[2007/03/20 19:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Softland
[2006/11/23 12:04:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Teleca
[2006/01/15 04:35:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Template
[2006/02/03 07:21:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Thunderbird
[2007/09/08 21:42:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\TuxPaint
[2008/08/16 08:22:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\VoipBuster
[2009/07/11 14:42:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\WD
[2007/10/22 20:08:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\Xi
[2006/06/17 09:05:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Benjamin LEROY\Application Data\XnView
[2007/07/16 20:51:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hub2\Application Data\HotSync
[2007/07/16 20:51:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hub2\Application Data\Teleca
[2009/12/21 10:41:08 | 00,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2006/03/15 20:11:00 | 00,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\Connexion facile à Internet.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 869 bytes -> C:\Documents and Settings\Benjamin LEROY\Cookies:LwxDV7CN2AzUWKsx6
@Alternate Data Stream - 866 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:AOazVp3qVnMEvmb64wY9oB9sJk
@Alternate Data Stream - 865 bytes -> C:\Program Files\Fichiers communs\Microsoft Shared:rHKYTudo9nu4wJ2dxn42A
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:CAF833B2B444A3DB
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 1010 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:gPUW4ZBRvC4sYFsG6TUbQg
@Alternate Data Stream - 1005 bytes -> C:\Program Files\WindowsUpdate:cZCF9MpYZ2PpzlprFTP
<End>


Thanks,
See you soon.
Bj
benyoyo
 
Posts: 8
Joined: 16 Dec 2009, 00:06

Post by nickW » 22 Dec 2009, 01:24

Good evening,

A few more steps:

Step 1: OTL (by OldTimer), cleanup
Open a Notepad window: go to Start ----> Run, type notepad, then click OK.
Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys together.

Code:
rien
:Processes
explorer.exe

:otl
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Setup.exe -- File not found
@Alternate Data Stream - 869 bytes -> C:\Documents and Settings\Benjamin LEROY\Cookies:LwxDV7CN2AzUWKsx6
@Alternate Data Stream - 866 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:AOazVp3qVnMEvmb64wY9oB9sJk
@Alternate Data Stream - 865 bytes -> C:\Program Files\Fichiers communs\Microsoft Shared:rHKYTudo9nu4wJ2dxn42A
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:CAF833B2B444A3DB
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 1010 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:gPUW4ZBRvC4sYFsG6TUbQg
@Alternate Data Stream - 1005 bytes -> C:\Program Files\WindowsUpdate:cZCF9MpYZ2PpzlprFTP

:Commands
[start explorer]



Go back to the Notepad window, right-click in the window and choose Paste.
In the Format menu (at the top), check that "Word Wrap" is not active (not ticked).
Save the file under the name OTL-1.txt
Close Notepad.
Note: The lines in the Code area above were created exclusively for THIS user: benyoyo.
If you are not THIS user, do not use them: they could damage your system.



Step 2: No real-time monitoring processes
Disable the resident module of the antivirus and that of the antispyware.
AVG: open AVG Control Center, double-click "AVG Resident Shield", untick "Turn on AVG Resident Shield"
Ad-Watch: right-click the icon in the system tray (next to the clock), click Close Ad-Watch


Step 3: OTL (by OldTimer), cleanup
Double-click OTL.exe to launch the tool.
Open the file OTL-1.txt in Notepad.
In Notepad, click the Edit menu (at the top) and choose Select All.
In Notepad, click the Edit menu (at the top) and choose Copy.

Go back to the OTL window, right-click in the box at the bottom named "Custom Scans/Fixes" and choose Paste.

Close all open program windows (browser, word processor, etc.): the PC may restart.

Click the Run Fix button.

Note: A restart is sometimes necessary. If it is requested, click Oui/Yes

When the tool has finished its work, a small window displays the message "Fix Complete! Click OK to open the fix log". Click OK, then close OTL.


Step 4: Real-time monitoring processes
Important: Re-enable the resident module of the antivirus and that of the antispyware.


Step 5: Result
Send in your reply:
- the OTL fix report (contents of the file SystemDrive\_OTL\MovedFiles\********_******.log, where the *** are digits representing the date [monthdayyear] and the time)
[SystemDrive is the partition on which the system is installed, usually C:]


In your reply, don't forget to give as much information as possible about the state of the PC: improvement / disappearance / worsening of the infection symptoms. Still detections by AVG?


To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France