demande analyse suite spam

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

demande analyse suite spam

Messagede buck_b23 » 27 Déc 2009, 18:44

bonjour à tous voici mon log de hijack this car petit soucis d'ouverture de fenetre avec mozilla firefox
merci d'avance de vos remarques.
cordialement

Logfile of HijackThis v1.99.1
Scan saved at 18:38:18, on 27/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\imapi.exe
F:\Programmes\antivirus firewall\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tinit.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tinit.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: LBTServ - C:\Program Files\Fichiers communs\Logitech\Bluetooth\lbtserv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
buck_b23
 
Messages: 6
Inscription: 27 Déc 2009, 18:41

Messagede nickW » 27 Déc 2009, 19:46

Bonsoir,

Logfile of HijackThis v1.99.1

C'est en mars 2007 que Merijn, le créateur de HijackThis, a vendu son programme à TrendMicro. Cela fait donc 2 ans 3/4 que la version 1.99.1 n'est plus à jour!

Comme HijackThis est bien trop rudimentaire pour les "nuisibles" d'aujourd'hui, peux-tu suivre les instructions de ce sujet et envoyer les trois rapports demandés?


Question 1: "spam" reçu ou envoyé?

Question 2: que sont ces "petit soucis d'ouverture de fenêtre avec mozilla firefox"?

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede buck_b23 » 28 Déc 2009, 08:09

merci de la réponse je fais ça ce soir
cordialement.
buck_b23
 
Messages: 6
Inscription: 27 Déc 2009, 18:41

Messagede buck_b23 » 29 Déc 2009, 20:50

bonjour suite à l'analyse ci après le rapport Malwarebytes:
Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3450
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/12/2009 19:46:42
mbam-log-2009-12-29 (19-46-35).txt

Type de recherche: Examen rapide
Eléments examinés: 142144
Temps écoulé: 8 minute(s), 27 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\parent\Local Settings\Application Data\dsixucyh_navps.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\parent\Local Settings\Application Data\dsixucyh_nav.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\parent\Local Settings\Application Data\dsixucyh.dat (Adware.Navipromo.H) -> No action taken.
buck_b23
 
Messages: 6
Inscription: 27 Déc 2009, 18:41

Messagede buck_b23 » 29 Déc 2009, 20:52

le rapport de OLT.txt :
OTL logfile created on: 29/12/2009 19:49:26 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\parent\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 379,00 Mb Available Physical Memory | 37,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 244,14 Gb Total Space | 176,85 Gb Free Space | 72,44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 221,61 Gb Total Space | 27,82 Gb Free Space | 12,56% Space Free | Partition Type: NTFS
Drive G: | 647,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PARENT-PC
Current User Name: parent
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/29 19:15:08 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\parent\Bureau\OTL.exe
PRC - [2009/12/20 12:43:19 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/25 00:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/14 16:02:06 | 00,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2009/11/13 18:24:29 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/09/30 17:46:14 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 17:45:02 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/04/14 13:00:00 | 00,979,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/18 23:05:02 | 00,630,784 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
PRC - [2006/11/13 14:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 14:06:52 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/05/21 08:43:14 | 00,155,648 | ---- | M] (Y'z@Home) -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
PRC - [2006/05/21 08:43:08 | 00,180,224 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
PRC - [2006/04/24 19:23:42 | 00,339,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2006/03/28 15:48:54 | 00,622,592 | R--- | M] () -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2006/02/01 16:45:54 | 00,098,304 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/04/02 01:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2005/03/17 19:17:36 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2004/12/02 09:33:32 | 00,598,016 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2004/11/05 16:32:20 | 00,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
PRC - [2004/10/28 18:36:32 | 00,565,309 | ---- | M] (Broadcom Corporation) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
PRC - [2004/10/28 18:35:56 | 01,249,364 | ---- | M] (Broadcom Corporation) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTStackServer.exe
PRC - [2004/10/28 18:30:02 | 00,163,840 | ---- | M] (Broadcom Corporation) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
PRC - [2004/09/09 20:58:52 | 00,073,728 | ---- | M] (Logitech Corp.) -- C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
PRC - [2004/09/03 15:45:08 | 00,057,344 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
PRC - [2004/09/03 15:44:08 | 00,065,536 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
PRC - [2004/06/03 20:51:54 | 00,131,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe


========== Modules (SafeList) ==========

MOD - [2009/12/29 19:15:08 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\parent\Bureau\OTL.exe
MOD - [2008/04/14 13:00:00 | 01,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2008/04/14 13:00:00 | 00,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll
MOD - [2008/04/14 13:00:00 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
MOD - [2007/03/18 23:04:22 | 00,069,632 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
MOD - [2006/05/21 08:43:14 | 00,053,248 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
MOD - [2006/05/21 08:43:08 | 00,065,536 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
MOD - [2004/12/02 09:30:40 | 00,090,112 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2004/12/02 09:30:10 | 00,053,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KEMHook.dll
MOD - [2004/09/09 20:53:16 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\Shared Files\CLRCEngine.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/14 16:02:06 | 00,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2009/11/01 18:34:37 | 00,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/27 11:17:36 | 00,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/08/29 10:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2005/04/02 01:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2004/10/28 18:30:02 | 00,163,840 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe -- (btwdins)
SRV - [2004/09/03 15:44:08 | 00,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Logitech\Easy Synchronization\servicestub.exe -- (Logitech Easy Synchronization)
SRV - [2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/11/25 00:50:59 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/25 00:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/25 00:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/25 00:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 00:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/25 00:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/11/21 22:47:48 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/14 13:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/13 19:55:34 | 00,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 12:45:30 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/04/25 10:43:58 | 00,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Vax347b.sys -- (Vax347b)
DRV - [2004/11/05 16:35:58 | 00,013,104 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2004/11/05 16:34:52 | 00,055,008 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2004/11/05 16:34:44 | 00,071,756 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/11/05 16:34:26 | 00,024,764 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2004/11/05 11:08:06 | 00,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/10/28 18:18:52 | 00,017,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2004/10/28 18:16:26 | 01,241,546 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/10/28 18:12:58 | 00,044,003 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2004/10/28 18:12:36 | 00,030,299 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2004/10/28 18:12:00 | 00,054,488 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/10/15 12:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/09/03 15:44:10 | 00,047,104 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vserial.sys -- (vserial)
DRV - [2004/09/03 15:44:10 | 00,018,167 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vsb.sys -- (vsbus)
DRV - [2004/05/25 15:58:04 | 00,396,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2004/05/25 15:58:02 | 00,048,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2004/04/30 09:33:00 | 00,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Vax347s.sys -- (Vax347s)
DRV - [2004/04/13 12:44:24 | 00,022,497 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidPPKE.Sys -- (LHidPPKE)
DRV - [2004/04/02 15:40:00 | 00,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/09/04 13:45:44 | 00,055,144 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (si3112)
DRV - [2003/09/01 11:00:00 | 00,104,064 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2003/08/13 15:27:22 | 00,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/06/09 18:56:40 | 00,010,112 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiWinAcc)
DRV - [2003/06/09 18:56:40 | 00,010,112 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2001/08/17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Pilote de filtrage Sony USB (SONYPVU1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tinit.org/


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1614895754-1580436667-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tinit.org/
IE - HKU\S-1-5-21-1614895754-1580436667-1417001333-1004\S-1-5-21-1614895754-1580436667-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1614895754-1580436667-1417001333-1004\S-1-5-21-1614895754-1580436667-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Chercher Malin"
FF - prefs.js..browser.search.selectedEngine: "Chercher Malin"
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/20 12:43:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/20 12:43:27 | 00,000,000 | ---D | M]

[2009/04/03 18:35:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\parent\Application Data\Mozilla\Extensions
[2009/04/03 18:35:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\parent\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/12/28 21:15:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\parent\Application Data\Mozilla\Firefox\Profiles\7oov9z9k.default\extensions
[2009/08/10 17:56:32 | 00,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\parent\Application Data\Mozilla\Firefox\Profiles\7oov9z9k.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2009/07/10 18:47:03 | 00,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\parent\Application Data\Mozilla\Firefox\Profiles\7oov9z9k.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009/07/16 21:10:56 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\parent\Application Data\Mozilla\Firefox\Profiles\7oov9z9k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2009/12/28 21:15:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/04 01:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/08/16 00:12:19 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2009/08/16 00:12:19 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/08/16 00:12:19 | 00,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2009/08/16 00:12:19 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2009/08/16 00:12:19 | 00,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (790 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O3 - HKU\S-1-5-21-1614895754-1580436667-1417001333-1004\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Logitech\MediaLife\MediaLifeService.exe (Logitech Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1614895754-1580436667-1417001333-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1614895754-1580436667-1417001333-1004..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1614895754-1580436667-1417001333-1004..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1614895754-1580436667-1417001333-1004..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKU\S-1-5-21-1614895754-1580436667-1417001333-1004..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe File not found
O4 - HKLM..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe (Broadcom Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\parent\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\parent\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\parent\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Documents and Settings\parent\Menu Démarrer\Programmes\Démarrage\TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (AKSoftware)
O4 - Startup: C:\Documents and Settings\parent\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe ()
O4 - Startup: C:\Documents and Settings\parent\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe (Y'z@Home)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-1580436667-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm ()
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTServ: DllName - C:\Program Files\Fichiers communs\Logitech\Bluetooth\lbtserv.dll - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.dll (Logitech Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {FE24CD78-7C63-465D-8787-4EDF7FC79895} - C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/27 13:46:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/05/04 17:16:31 | 00,000,316 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{74751a41-a44e-11dd-846d-000feae55df4}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/10/27 13:46:08 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/12/29 19:21:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/29 19:20:06 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/29 19:18:48 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\parent\Bureau\erunt-setup.exe
[2009/12/29 19:17:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\parent\Application Data\Malwarebytes
[2009/12/29 19:17:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/29 19:17:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/29 19:17:52 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/29 19:17:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/29 19:16:57 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\parent\Bureau\mbam-setup.exe
[2009/12/29 19:15:08 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\parent\Bureau\OTL.exe
[2009/07/17 17:52:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/12/22 19:05:33 | 00,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2008/12/22 19:05:33 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys
[2008/10/30 22:01:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/10/30 22:00:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/10/28 20:11:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Logitech
[2008/10/27 13:49:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/10/27 13:46:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/29 19:22:31 | 05,242,880 | ---- | M] () -- C:\Documents and Settings\parent\ntuser.dat
[2009/12/29 19:20:11 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\parent\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2009/12/29 19:20:06 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\parent\Bureau\NTREGOPT.lnk
[2009/12/29 19:20:06 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\parent\Bureau\ERUNT.lnk
[2009/12/29 19:19:42 | 00,005,024 | ---- | M] () -- C:\Documents and Settings\parent\Bureau\erunt-loc_fr.zip
[2009/12/29 19:18:51 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\parent\Bureau\erunt-setup.exe
[2009/12/29 19:17:57 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/12/29 19:17:09 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\parent\Bureau\mbam-setup.exe
[2009/12/29 19:15:08 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\parent\Bureau\OTL.exe
[2009/12/29 18:56:40 | 00,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/29 18:56:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/29 18:56:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/29 18:56:26 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/28 21:27:04 | 00,000,184 | -HS- | M] () -- C:\Documents and Settings\parent\ntuser.ini
[2009/12/28 21:03:10 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/27 20:54:00 | 00,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/27 17:08:42 | 00,105,984 | ---- | M] () -- C:\Documents and Settings\parent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/27 17:08:42 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/12 08:49:08 | 01,188,762 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/12 08:49:08 | 00,535,068 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/12/12 08:49:08 | 00,462,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/12 08:49:08 | 00,096,046 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/12/12 08:49:08 | 00,079,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/09 20:01:32 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/02 18:06:24 | 00,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/29 19:20:11 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\parent\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2009/12/29 19:20:06 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\parent\Bureau\NTREGOPT.lnk
[2009/12/29 19:20:06 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\parent\Bureau\ERUNT.lnk
[2009/12/29 19:19:40 | 00,005,024 | ---- | C] () -- C:\Documents and Settings\parent\Bureau\erunt-loc_fr.zip
[2009/12/29 19:17:57 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/11/08 17:19:50 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\parent\Application Data\$_hpcst$.hpc
[2009/09/26 18:36:40 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/09/05 10:55:14 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/08/08 16:42:29 | 00,465,504 | ---- | C] () -- C:\Documents and Settings\parent\Local Settings\Application Data\dsixucyh_nav.dat
[2009/08/08 16:41:56 | 00,003,419 | ---- | C] () -- C:\Documents and Settings\parent\Local Settings\Application Data\dsixucyh.dat
[2009/08/08 16:41:56 | 00,002,049 | ---- | C] () -- C:\Documents and Settings\parent\Local Settings\Application Data\dsixucyh_navps.dat
[2009/05/18 22:52:41 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008/12/22 19:07:56 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/11/28 18:36:17 | 00,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/01 19:22:40 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/30 22:49:03 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2008/10/30 22:49:03 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2008/10/28 20:30:46 | 00,000,434 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/10/28 20:30:46 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/10/28 20:25:17 | 00,027,279 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/10/28 20:12:53 | 00,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2008/10/27 19:33:23 | 00,105,984 | ---- | C] () -- C:\Documents and Settings\parent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/10/28 18:26:42 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/12/09 00:08:20 | 02,539,520 | ---- | C] () -- C:\WINDOWS\System32\Bbgspdf.dll
[2003/12/02 13:39:08 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\InstallPrinter.dll
[2003/01/30 06:04:00 | 00,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2002/05/15 23:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2002/03/04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/11/23 18:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2008/04/14 13:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

<MD5>
[2008/04/14 13:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 13:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2008/04/14 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

<MD5>
[2004/06/03 10:40:46 | 00,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\NVIDIA\nForceWin2KXP\5.10\IDE\Win2K\NvAtaBus.sys
[2004/06/03 10:40:46 | 00,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\NVIDIA\nForceWin2KXP\5.10\IDE\WinXP\NvAtaBus.sys

<MD5>
[2008/04/14 13:00:00 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 13:00:00 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

<systemroot>

========== Alternate Data Streams ==========

@Alternate Data Stream - 40 bytes -> C:\WINDOWS\system32:b9bf9581.zreglib
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:6A79B5B05F5F91A8
<End>
buck_b23
 
Messages: 6
Inscription: 27 Déc 2009, 18:41

Messagede buck_b23 » 29 Déc 2009, 20:53

et le rapport d' EXTRAS.txt, mercie de votre aide :


OTL Extras logfile created on: 29/12/2009 19:49:26 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\parent\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 023,00 Mb Total Physical Memory | 379,00 Mb Available Physical Memory | 37,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 244,14 Gb Total Space | 176,85 Gb Free Space | 72,44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 221,61 Gb Total Space | 27,82 Gb Free Space | 12,56% Space Free | Partition Type: NTFS
Drive G: | 647,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PARENT-PC
Current User Name: parent
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1614895754-1580436667-1417001333-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- ()
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{11C759CA-C04C-4857-A243-429B4A7B2CC8}" = ViaMichelin Navigation PND
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 17
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362BFFCD-8274-11D8-97C8-000129760CBE}" = MediaLife
"{3CF93EDF-F15E-4D8F-A8A3-E574AD3212D3}" = Hercules QuickAccess
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{491CED7A-0F13-4BE6-957A-59DCA69E8271}" = Guitar Pro 4
"{4C8EDB2B-7D69-929F-0064-77B589571036}" = Nero 7 Demo
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{5CCD87D7-B345-4211-9F2E-021F1B623E02}" = SolidWorks 2006 SP0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6860B340-530D-46B3-91F8-1AE1F70F7C33}" = OpenOffice.org 3.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C47092F-B249-43CB-A780-40274329043D}" = eDrawings 2006
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = WIDCOMM Bluetooth Software
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC134D03-97F1-45B9-B32A-52E885AFA895}" = Mobile Phone Suite Easy Synchronization
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = Utilitaire de configuration iPhone
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"avast!" = avast! Antivirus
"Burn4Free" = Burn4Free CD and DVD
"Burn4Free Toolbar" = Burn4Free Toolbar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"FairUse Wizard 2" = FairUse Wizard 2
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"LimeWire" = LimeWire PRO 4.12.6
"Live Media" = Todae - Live Media
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Movies2iPhone" = Movies2iPhone .74b
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0
"Permis de construire Expert CAD_is1" = Permis de construire Expert CAD
"Photodex Presenter" = Photodex Presenter
"ProShow Gold" = ProShow Gold
"TicTacPhoto" = TicTacPhoto
"TUGZip_is1" = TUGZip 3.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1614895754-1580436667-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 03/12/2009 16:31:51 | Computer Name = PARENT-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\PARENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7OOV9Z9K.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}\DEFAULTS\PREFERENCES\DEFAULTS.JS
failed, 00000005.

Error - 03/12/2009 16:31:51 | Computer Name = PARENT-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\PARENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7OOV9Z9K.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}\DEFAULTS\PREFERENCES\DEFAULTS.JS
failed, 00000005.

Error - 03/12/2009 16:31:51 | Computer Name = PARENT-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\PARENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7OOV9Z9K.DEFAULT\PREFS.JS
failed, 00000005.

Error - 03/12/2009 16:31:51 | Computer Name = PARENT-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\PARENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7OOV9Z9K.DEFAULT\USER.JS
failed, 00000005.

Error - 09/12/2009 14:37:35 | Computer Name = PARENT-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\PARENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7OOV9Z9K.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}\DEFAULTS\PREFERENCES\DEFAULTS.JS
failed, 00000005.

Error - 09/12/2009 14:37:35 | Computer Name = PARENT-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\PARENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7OOV9Z9K.DEFAULT\PREFS.JS
failed, 00000005.

Error - 09/12/2009 14:37:35 | Computer Name = PARENT-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\PARENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7OOV9Z9K.DEFAULT\USER.JS
failed, 00000005.

Error - 21/12/2009 10:24:39 | Computer Name = PARENT-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\PARENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7OOV9Z9K.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}\DEFAULTS\PREFERENCES\DEFAULTS.JS
failed, 00000005.

Error - 21/12/2009 10:24:39 | Computer Name = PARENT-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\PARENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7OOV9Z9K.DEFAULT\PREFS.JS
failed, 00000005.

Error - 21/12/2009 10:24:39 | Computer Name = PARENT-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\PARENT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7OOV9Z9K.DEFAULT\USER.JS
failed, 00000005.

[ Application Events ]
Error - 03/09/2009 13:59:38 | Computer Name = PARENT-PC | Source = MsiInstaller | ID = 11706
Description = Produit: SolidWorks 2006 SP0 -- Erreur 1706.Aucune source valide n'a
été trouvée pour le produit SolidWorks 2006 SP0. Impossible de poursuivre l'exécution
de Windows Installer.

Error - 08/09/2009 05:19:26 | Computer Name = PARENT-PC | Source = Application Error | ID = 1000
Description = Application défaillante itunes.exe, version 8.2.1.6, module défaillant
kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x00012afb.

Error - 22/09/2009 04:24:50 | Computer Name = PARENT-PC | Source = Application Error | ID = 1000
Description = Application défaillante nero.exe, version 7.0.5.4, module défaillant
nerosearch.dll, version 1.0.2.8, adresse de défaillance 0x0001b31b.

Error - 22/09/2009 04:25:59 | Computer Name = PARENT-PC | Source = Application Hang | ID = 1002
Description = Application bloquée nero.exe, version 7.0.5.4, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 22/09/2009 04:35:21 | Computer Name = PARENT-PC | Source = Application Error | ID = 1000
Description = Application défaillante nero.exe, version 7.0.5.4, module défaillant
nerofiledialog.dll, version 1.0.2.8, adresse de défaillance 0x000616c7.

Error - 23/09/2009 09:00:53 | Computer Name = PARENT-PC | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.0.3526, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 13/11/2009 13:39:02 | Computer Name = PARENT-PC | Source = Application Error | ID = 1000
Description = Application défaillante AppleMobileDeviceService.exe, version 2.50.39.0,
module défaillant AppleMobileDeviceService.exe, version 2.50.39.0, adresse de défaillance
0x000121c0.

Error - 13/11/2009 13:41:28 | Computer Name = PARENT-PC | Source = Application Hang | ID = 1002
Description = Application bloquée iTunes.exe, version 9.0.1.8, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 13/11/2009 13:41:47 | Computer Name = PARENT-PC | Source = Application Hang | ID = 1002
Description = Application bloquée SoftwareUpdate.exe, version 2.1.1.116, module
bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 20/11/2009 18:07:04 | Computer Name = PARENT-PC | Source = Application Error | ID = 1000
Description = Application défaillante firefox.exe, version 1.9.0.3576, module défaillant
xul.dll, version 1.9.0.3576, adresse de défaillance 0x005f36be.

[ System Events ]
Error - 26/12/2009 07:00:08 | Computer Name = PARENT-PC | Source = Cdrom | ID = 262151
Description = Le périphérique \Device\CdRom1 comporte un bloc défectueux.

Error - 26/12/2009 07:00:08 | Computer Name = PARENT-PC | Source = Cdrom | ID = 262151
Description = Le périphérique \Device\CdRom1 comporte un bloc défectueux.

Error - 26/12/2009 07:00:08 | Computer Name = PARENT-PC | Source = Cdrom | ID = 262151
Description = Le périphérique \Device\CdRom1 comporte un bloc défectueux.

Error - 26/12/2009 07:00:08 | Computer Name = PARENT-PC | Source = Cdrom | ID = 262151
Description = Le périphérique \Device\CdRom1 comporte un bloc défectueux.

Error - 26/12/2009 07:00:08 | Computer Name = PARENT-PC | Source = Cdrom | ID = 262151
Description = Le périphérique \Device\CdRom1 comporte un bloc défectueux.

Error - 26/12/2009 07:00:08 | Computer Name = PARENT-PC | Source = Cdrom | ID = 262151
Description = Le périphérique \Device\CdRom1 comporte un bloc défectueux.

Error - 26/12/2009 07:00:08 | Computer Name = PARENT-PC | Source = Cdrom | ID = 262151
Description = Le périphérique \Device\CdRom1 comporte un bloc défectueux.

Error - 26/12/2009 07:00:08 | Computer Name = PARENT-PC | Source = Cdrom | ID = 262151
Description = Le périphérique \Device\CdRom1 comporte un bloc défectueux.

Error - 27/12/2009 11:38:08 | Computer Name = PARENT-PC | Source = DCOM | ID = 10000
Description = Le démarrage d'un serveur DCOM : {6B365A86-AD02-4314-A4AA-F088EDCEDAA1}
n'est pas possible. L'erreur : "%2" s'est produite lors du démarrage de la commande :
-Embedding

Error - 27/12/2009 13:19:47 | Computer Name = PARENT-PC | Source = DCOM | ID = 10000
Description = Le démarrage d'un serveur DCOM : {6B365A86-AD02-4314-A4AA-F088EDCEDAA1}
n'est pas possible. L'erreur : "%2" s'est produite lors du démarrage de la commande :
-Embedding


<End>
buck_b23
 
Messages: 6
Inscription: 27 Déc 2009, 18:41

Messagede nickW » 29 Déc 2009, 22:35

Bonsoir,

Une première remarque:
L'Observateur d'événements a enregistré cette erreur:
Description = Le périphérique \Device\CdRom1 comporte un bloc défectueux.

Donc, le CD qui était dans le lecteur le 26/12/2009 07:00:08 ..... est abîmé! :wink:


Nettoyage:

Étape 1: Navilog1 (de IL-MAFIOSO)
Télécharger Navilog1 par un clic droit sur le lien ci-dessous:
http://pagesperso-orange.fr/il.mafioso/ ... vilog1.exe
Enregistrer le fichier sur le Bureau.

Fermer toutes les applications actives (comme traitement de texte, navigateur).
Faire un double clic sur le fichier Navilog1.exe présent sur le Bureau.

Suivre les indications affichées.
Sur le menu principal, choisir l'option 1 et valider.
(ne pas choisir l'option 2 sans mon avis/accord)

L'outil peut annoncer qu'il va effectuer un redémarrage du PC: Appuyer sur une touche comme demandé.
Si le PC ne redémarre pas automatiquement, lancer manuellement le redémarrage, en choisissant la session habituelle.

Attendre jusqu'au message :
*** Scan Termine le ..... ***
Appuyer sur une touche comme demandé, le Bloc-notes va s'ouvrir.
Note: Dans le Bloc-notes, vérifier dans le menu Format (en haut) que l'option "Retour automatique à la ligne" n'est pas cochée.
Enregistrer ce fichier sous le nom navi1-091229.txt
Fermer le Bloc-notes.


Étape 2: Résultat
Envoyer en réponse:
*- le rapport de Navilog1, Option 1 (contenu du fichier navi1-091229.txt)


Dans ta réponse, n'oublie pas de donner le plus d'informations possible sur l'état du PC: amélioration / disparition / aggravation des symptômes d'infection.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede buck_b23 » 03 Jan 2010, 19:01

merci de la reponse opération effectuée avec succès je vous indiquerais si il y à nouveau des problèmes.
ci après lelo de navilog1

Fix Navipromo version 4.0.6 commencé le 03/01/2010 18:47:19,50

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 03.01.2010 à 11h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 2500+ )
BIOS : Award Modular BIOS v6.00PG
USER : parent ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1368 [VPS 100103-0] 4.8.1368 (Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:244 Go (Free:176 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:221 Go (Free:27 Go)
G:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


C:\Program Files\Live-Player supprimé !
c:\docume~1\alluse~1\menudm~1\progra~1\Live-Player supprimé !
C:\Documents and Settings\parent\applic~1\Live-Player supprimé !
c:\docume~1\parent\locals~1\applic~1\dsixucyh.dat supprimé !
c:\docume~1\parent\locals~1\applic~1\dsixucyh_nav.dat supprimé !
c:\docume~1\parent\locals~1\applic~1\dsixucyh_navps.dat supprimé !


Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\parent\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok




*** Scan terminé 03/01/2010 18:57:07,10 ***
buck_b23
 
Messages: 6
Inscription: 27 Déc 2009, 18:41

Messagede nickW » 04 Jan 2010, 01:29

Bonsoir,

L'infection NaviPromo (logiciel publicitaire - adware) est installée par les programmes :

*- Funky Emoticons
*- Game Attack
*- go-astro
*- GoRecord
*- HotTVPlayer / HotTVPlayer & Paris Hilton
*- Live-Player <----- trouvé sur ton PC
*- MailSkinner
*- Messenger Skinner
*- Instant Access
*- InternetGameBox
*- Official Emule
*- Original Solitaire
*- SuperSexPlayer
*- Speed Downloading
*- Sudoplanet
*- Webmediaplayer

Fais attention à ce que tu installes!
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede nickW » 04 Jan 2010, 01:29

Re-,

Si le PC ne présente plus de symptômes d'infection, voici quelques conseils supplémentaires (sécurisation & optimisation) à appliquer:


ImageUn conseil important:
Il faut créer un nouveau point de restauration système.
Après nettoyage du PC, il faut vider les fichiers stockés dans les dossiers de la Restauration système, puis créer un nouveau point de restauration qui sera utilisable en cas de problème.
Méthode:
Désactiver la restauration système, réactiver la restauration système, puis créer un nouveau point de restauration.
Explications détaillées:
http://assiste.com.free.fr/p/comment/co ... ation.html


ImageUn conseil important:
Il faut installer un vrai pare-feu.
Voir ICI et ICI. (Note: ces pages ne sont plus à jour)
Voir également: ici et ici


ImageUn conseil:
Avast! n'est plus un bon antivirus (en tout cas dans sa version gratuite)!
Le logiciel antivirus Avira Antivir Personal est actuellement bien plus "réactif" vis à vis des nouveaux nuisibles que avast!
Une version française est disponible.
Présentation: http://assiste.com.free.fr/p/logitheque/antivir.html
Présentation sur libellules.ch: http://www.libellules.ch/tuto_antivir.php
Site officiel: http://www.free-av.com/fr/products/1/av ... virus.html
Téléchargement: http://www.free-av.com/en/download/download_servers.php
Prendre le fichier Avira AntiVir Personal - FREE Antivirus, Version 9
Date: 2009-12-14, Version: 9.0.0.74

Image


ImageUn conseil important:
Désinstaller toutes les versions obsolètes de Java de Sun dont les failles sont utilisées par les "malveillants".
Page d'Assiste: http://assiste.com.free.fr/p/abc/c/anti_java.html
Pour la suppression des anciennes versions:

JavaRa (de Fred de Vries et Paul McLain)
Télécharger JavaRa depuis cette page: http://raproducts.org/
(Dans l'article JavaRa, cliquer sur Download Windows Binary (.zip file)).
Enregistrer le fichier JavaRa.zip sur le Bureau.
Créer un nouveau dossier nommé JavaRa et y décompresser la totalité de l'archive (clic droit, puis Extraire tout).
Ouvrir le dossier JavaRa puis faire un double clic sur JavaRa.exe pour lancer l'outil.

Sous "Select the language of your choice below" choisir (via la liste déroulante) Français et cliquer sur le bouton Select.

Cliquer sur le bouton Effacer les anciennes versions et valider ce choix en cliquant sur Oui ("Êtes-vous sûr de vouloir poursuivre?").

Cliquer deux fois sur OK.
Un rapport va s'afficher dans le Bloc-notes. Fermer le Bloc-notes.
Fermer JavaRa.


ImageUn conseil important:
Proscrire l'utilisation de P2P illicite!
eMule est l'antithèse de la sécurité (© Jim Rakoto).
LimeWire et BitTorrent ne sont guère mieux.


ImageUn conseil:
Lire Quel comportement devez-vous adopter en tout temps?
Lire les Recommandations du "kit de sécurité", et en appliquer les mesures préventives.


ImageUn conseil:
Désactiver la fonction de lancement automatique ("autorun") sur les lecteurs amovibles.
Voir ce sujet de Gof:
Guide sécurisation Windows face aux menaces infectieuses USB
http://assiste.forum.free.fr/viewtopic.php?t=25228
Lire également (de Gof):
Les infections se propageant par les supports amovibles : USB, Flash, etc.
http://forum.zebulon.fr/infections-par- ... 31959.html
... et sa synthèse ici


ImageUn conseil:
La version gratuite de MBAM (Malwarebytes' Anti-Malware) reste utilisable pour effectuer des analyses à la demande.
Tu peux donc choisir de la laisser installée, et de l'utiliser de temps en temps (pour faire du "nettoyage") en faisant une mise à jour manuelle avant de demander l'examen.


ImageUn conseil:
Il est possible d'alléger la procédure de démarrage et de libérer quelques ressources système.
Certains programmes sont considérés comme "inutiles au démarrage": ils sont lancés systématiquement à chaque démarrage du système (même si l'on ne s'en sert pas), ils restent actifs et utilisent des ressources du système.
Il est indispensable de consulter la liste des startups (programmes lancés au démarrage) d'après Pacman (Paul Collins) pour prendre sa décision (les garder au démarrage ou non). Voir ICI.
Version téléchargeable (clic droit sur le lien): http://assiste.com.free.fr/ftp/Startups-vf.chm
Image Note: Le site n'est pas à jour, il faut utiliser la version téléchargeable.
Sont dans ce cas:

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\parent\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

Si tu décides de les désactiver, tu peux utiliser la méthode "msconfig" ou installer Autoruns [voir ici et ici] (sauf indications particulières dans la liste de Pacman).


ImageUn conseil:
Image Il est préférable de supprimer OTL (fichier téléchargé OTL.exe et fichiers résultats OTL.Txt et Extras.Txt situés sur le Bureau, ainsi que s'il(s) existe(nt) le(s) fichier(s) de travail OTL-*.txt).
Note: S'il existe, le dossier SystemDrive\_OTL contient des sauvegardes. Après avoir vérifié que tous les logiciels du PC fonctionnent correctement, il sera possible de supprimer ce dossier.
Image Il est préférable de supprimer Navilog1 (fichier téléchargé Navilog1.exe, dossier d'installation %programfiles%\Navilog1, et fichiers résultats navi*-*.txt).
%programfiles% représente le dossier d'installation par défaut des programmes, généralement C:\Program Files
Image Vider les quarantaines de l'antivirus et de l'anti-spyware.



Voilì, voilò, voilà.

Salut,

PS:
Si tu considères que ce sujet est clos, peux-tu mettre [OK] devant le titre du premier message. Voir ICI.
Merci.
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France


Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 36 invités

cron