[ok] Log analysis request

Post by Cyril » 28 Dec 2009, 20:54

Hello,

Description of the symptoms

Antivir finds a virus,
I put it in quarantine, then
blue screen, physical memory dump.
I switch the computer off at that point.

Unknown virus alert (danger, there are some serious security threats detected...)
Security Center not finding any antivirus
Security Center alert, finds a "suspicious software" with only one choice in the dialog box: "enable protection"
Links to porn sites have appeared on my desktop.

In the meantime my computer decided to restart on its own.

I launch Antivir,
Antivir finds a few results, and I put them in quarantine, and I repair what it offers to repair.

I disable Antivir Guard to run the MBAM scan...

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3445
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28/12/2009 20:42:12
mbam-log-2009-12-28 (20-42-05).txt

Type de recherche: Examen rapide
Eléments examinés: 120378
Temps écoulé: 6 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\richtx64.exe (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Cyril Jacob\Local Settings\Temp\H8SRT43c.tmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Cyril Jacob\Local Settings\Temp\H8SRT8817.tmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Cyril Jacob\Local Settings\Temp\H8SRT44c.tmp (Rootkit.TDSS) -> No action taken.
C:\Documents and Settings\Cyril Jacob\Local Settings\Temp\H8SRT8827.tmp (Rootkit.TDSS) -> No action taken.

Post by Cyril » 28 Dec 2009, 20:56

OTL logfile created on: 28/12/2009 20:43:40 - Run 2
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Cyril Jacob\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

895,00 Mb Total Physical Memory | 333,00 Mb Available Physical Memory | 37,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 85,34 Gb Total Space | 11,96 Gb Free Space | 14,02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CYRIL
Current User Name: Cyril Jacob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/27 14:30:27 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cyril Jacob\Bureau\OTL.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/05 13:11:39 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/09/05 13:11:39 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/09/05 00:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/09/02 14:27:36 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\APPS\skype\Phone\Skype.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/01 17:37:06 | 00,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/03/27 14:54:06 | 00,165,160 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/03/27 14:53:28 | 00,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 12:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/14 03:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/13 07:49:00 | 00,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/02/04 11:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2006/04/27 09:48:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/02/23 11:09:06 | 00,114,784 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
PRC - [2006/02/23 11:09:04 | 00,266,338 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
PRC - [2006/02/23 11:08:36 | 00,147,456 | ---- | M] (CyberLink Corp.) -- C:\APPS\Powercinema\PCMService.exe
PRC - [2006/02/23 11:08:28 | 01,073,152 | ---- | M] (Cyberlink) -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005/11/17 08:51:08 | 00,975,360 | ---- | M] (Packard Bell BV) -- C:\APPS\SMP\SMPSYS.EXE
PRC - [2005/10/20 05:15:00 | 00,102,400 | ---- | M] () -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
PRC - [2005/10/20 05:15:00 | 00,090,112 | ---- | M] () -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
PRC - [2005/07/19 16:32:18 | 00,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/23 19:33:00 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
PRC - [2005/06/08 14:14:44 | 00,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 13:44:56 | 00,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2005/03/10 17:44:34 | 00,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/03/10 17:43:30 | 00,688,218 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/04/08 04:25:04 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe
PRC - [2004/02/26 08:52:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002/09/03 10:26:24 | 00,040,960 | ---- | M] (France Telecom) -- C:\Program Files\Messager Wanadoo\Demon.exe


========== Modules (SafeList) ==========

MOD - [2009/12/27 14:30:27 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cyril Jacob\Bureau\OTL.exe
MOD - [2007/02/05 08:29:04 | 00,139,264 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (mysql)
SRV - File not found [Auto | Stopped] -- -- (Apache2.2)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/05 13:11:39 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/09/05 13:11:39 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/27 14:54:06 | 00,165,160 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/02/10 12:16:28 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/04/13 07:49:00 | 00,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006/04/27 09:48:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/02/23 11:09:06 | 00,114,784 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/02/23 11:09:04 | 00,266,338 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/02/23 11:08:28 | 01,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/10/20 05:15:00 | 00,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe -- (USBDeviceService)
SRV - [2004/04/08 04:25:04 | 01,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/02/26 08:52:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2009/12/11 00:06:22 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/05 13:11:39 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/03/30 09:32:47 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:34:33 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2008/04/13 19:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/18 15:16:28 | 00,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016obex.sys -- (a016obex)
DRV - [2008/01/18 15:16:26 | 00,110,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mdm.sys -- (a016mdm)
DRV - [2008/01/18 15:16:26 | 00,104,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mgmt.sys -- (a016mgmt) Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM)
DRV - [2008/01/18 15:16:24 | 00,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016mdfl.sys -- (a016mdfl)
DRV - [2008/01/18 15:16:22 | 00,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a016bus.sys -- (a016bus) Sony Ericsson Device A016 driver (WDM)
DRV - [2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/31 14:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2007/03/08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/08/10 18:34:08 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/06/30 19:13:04 | 00,226,048 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/06/18 22:40:44 | 00,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/06 11:09:26 | 04,284,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/27 09:48:00 | 03,659,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/03/07 05:49:36 | 00,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/04 06:31:04 | 00,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/04 06:31:02 | 00,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/11/19 02:13:18 | 00,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2005/05/27 08:32:52 | 01,317,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2005/05/27 08:31:28 | 00,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/03/10 17:31:40 | 00,189,408 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/01/07 16:07:16 | 00,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/05 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/08/04 15:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2003/01/10 15:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/06/06 10:14:32 | 00,053,168 | ---- | M] (THOMSON multimedia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2002/06/06 10:14:30 | 00,743,136 | ---- | M] (THOMSON multimedia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2001/08/23 16:04:44 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Pilote de filtrage Sony USB (SONYPVU1)
DRV - [2001/08/17 21:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 21:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 21:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 21:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 21:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 20:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 20:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 20:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 20:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 20:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 20:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 20:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 20:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 20:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3848972049-3944287781-1179613336-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-21-3848972049-3944287781-1179613336-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3848972049-3944287781-1179613336-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-3848972049-3944287781-1179613336-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE EF DA 1E 7E 73 CA 01 [binary data]
IE - HKU\S-1-5-21-3848972049-3944287781-1179613336-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3848972049-3944287781-1179613336-1006\S-1-5-21-3848972049-3944287781-1179613336-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3848972049-3944287781-1179613336-1006\S-1-5-21-3848972049-3944287781-1179613336-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.symbaloo.com/fr/"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.04
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.5.2
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.4
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.5
FF - prefs.js..extensions.enabledItems: {DA144265-8D9B-4380-B8F7-9F85E2C37D05}:0.7.4.75
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:1.0.10
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox 2 Beta 2\components [2009/12/24 18:02:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 2 Beta 2\plugins [2009/12/24 18:02:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/21 12:33:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/06/18 06:53:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Extensions
[2009/12/28 19:56:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\extensions
[2009/11/23 23:45:55 | 00,000,000 | ---D | M] (Resurrect Pages) -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2009/12/13 12:38:36 | 00,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/09/14 17:20:14 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\extensions\{DA144265-8D9B-4380-B8F7-9F85E2C37D05}
[2009/12/12 11:54:03 | 00,000,000 | ---D | M] (FoxLingo) -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2009/11/24 20:47:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\extensions\illimitux@illimitux.net
[2009/05/09 07:19:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\extensions\zotero@chnm.gmu.edu
[2009/12/27 14:31:59 | 00,001,485 | ---- | M] () -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\searchplugins\altavista-france.xml
[2009/02/02 08:47:59 | 00,005,491 | ---- | M] () -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\searchplugins\dailymotion.xml
[2008/05/26 23:51:31 | 00,002,035 | ---- | M] () -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\searchplugins\exalead.xml
[2009/03/17 00:06:49 | 00,001,537 | ---- | M] () -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\searchplugins\ixquick---francais.xml
[2009/12/27 14:32:00 | 00,001,958 | ---- | M] () -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\searchplugins\kartoo-fr-html.xml
[2009/02/02 08:47:34 | 00,002,120 | ---- | M] () -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\searchplugins\recherche-de-vidos-youtube.xml

O1 HOSTS File: (292848 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10080 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3848972049-3944287781-1179613336-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-3848972049-3944287781-1179613336-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Demon] C:\Program Files\Messager Wanadoo\Demon.exe (France Telecom)
O4 - HKLM..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCMService] c:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Raccourci vers la page des propriétés de High Definition Audio] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-3848972049-3944287781-1179613336-1006..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3848972049-3944287781-1179613336-1006..\Run: [richtx64.exe] C:\DOCUME~1\CYRILJ~1\LOCALS~1\Temp\richtx64.exe File not found
O4 - HKU\S-1-5-21-3848972049-3944287781-1179613336-1006..\Run: [Skype] C:\APPS\skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-3848972049-3944287781-1179613336-1006..\Run: [SmpcSys] C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)
O4 - HKU\S-1-5-21-3848972049-3944287781-1179613336-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3848972049-3944287781-1179613336-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3848972049-3944287781-1179613336-1006\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{51fb4121-38cf-11de-ae12-001060fb4a5e}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{51fb4121-38cf-11de-ae12-001060fb4a5e}\Shell\open\Command - "" = rundll32.exe .\\dfrnres.dll,InstallM
O33 - MountPoints2\{ff5b9406-dfca-11dd-ad37-001060fb4a5e}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{ff5b9406-dfca-11dd-ad37-001060fb4a5e}\Shell\open\Command - "" = rundll32.exe .\\jgas400.dll,InstallM
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\E\Shell\Install\command - "" = E:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/28 19:43:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/28 19:40:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/12/27 15:57:09 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Cyril Jacob\Recent
[2009/12/27 14:30:42 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cyril Jacob\Bureau\mbam-setup.exe
[2009/12/27 14:30:25 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cyril Jacob\Bureau\OTL.exe
[2009/12/04 16:34:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cyril Jacob\Application Data\dBpoweramp
[2009/12/04 16:33:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cyril Jacob\Application Data\AccurateRip
[2009/12/04 16:31:37 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2009/12/04 16:30:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/12/04 16:30:29 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2009/12/04 16:30:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Cyril Jacob\Application Data\NCH Swift Sound
[2008/03/19 09:14:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/04/16 11:09:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/08/16 17:18:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/08/16 16:54:32 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/28 19:36:54 | 00,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DF06E5B9-E291-489E-BEF1-81B5C73B5B6D}.job
[2009/12/28 19:35:00 | 00,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/12/28 19:34:44 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/28 19:33:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/28 19:32:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/28 19:32:53 | 93,904,4864 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/27 16:00:40 | 15,204,352 | -H-- | M] () -- C:\Documents and Settings\Cyril Jacob\NTUSER.DAT
[2009/12/27 16:00:40 | 00,000,284 | -HS- | M] () -- C:\Documents and Settings\Cyril Jacob\ntuser.ini
[2009/12/27 15:58:57 | 00,012,430 | ---- | M] () -- C:\Documents and Settings\Cyril Jacob\Mes documents\cc_20091227_155846.reg
[2009/12/27 14:45:09 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/12/27 14:33:22 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cyril Jacob\Bureau\mbam-setup.exe
[2009/12/27 14:30:27 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cyril Jacob\Bureau\OTL.exe
[2009/12/27 14:06:28 | 00,048,128 | ---- | M] () -- C:\Documents and Settings\Cyril Jacob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/27 01:54:05 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/12/20 22:03:10 | 04,275,362 | -H-- | M] () -- C:\Documents and Settings\Cyril Jacob\Local Settings\Application Data\IconCache.db
[2009/12/12 15:03:39 | 00,003,531 | ---- | M] () -- C:\Documents and Settings\Cyril Jacob\.recently-used.xbel
[2009/12/11 00:06:22 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/12/09 08:26:24 | 01,129,262 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/09 08:26:24 | 00,513,736 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/12/09 08:26:24 | 00,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/09 08:26:24 | 00,085,842 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/12/09 08:26:24 | 00,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/04 16:33:15 | 00,014,373 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2009/12/04 16:32:57 | 00,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2009/12/04 16:32:47 | 05,433,520 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009/12/04 16:30:33 | 00,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Switch Sound File Converter.lnk
[2009/12/04 10:09:02 | 00,003,258 | ---- | M] () -- C:\Documents and Settings\Cyril Jacob\Mes documents\cc_20091204_100856.reg
[2009/12/04 10:07:58 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Cyril Jacob\Bureau\CCleaner.lnk
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/30 13:18:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/27 15:58:49 | 00,012,430 | ---- | C] () -- C:\Documents and Settings\Cyril Jacob\Mes documents\cc_20091227_155846.reg
[2009/12/27 15:45:49 | 93,904,4864 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/27 14:45:09 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/12/25 02:33:50 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/12/12 15:03:39 | 00,003,531 | ---- | C] () -- C:\Documents and Settings\Cyril Jacob\.recently-used.xbel
[2009/12/04 16:33:15 | 00,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2009/12/04 16:33:15 | 00,014,373 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2009/12/04 16:30:33 | 00,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Switch Sound File Converter.lnk
[2009/12/04 10:08:59 | 00,003,258 | ---- | C] () -- C:\Documents and Settings\Cyril Jacob\Mes documents\cc_20091204_100856.reg
[2009/09/25 21:13:29 | 31,892,7645 | ---- | C] () -- C:\Program Files\quake_3_arena_oa081.zip
[2009/09/15 13:06:15 | 00,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/09/15 13:06:14 | 01,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2009/09/15 12:41:37 | 00,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/02/07 10:35:46 | 00,000,318 | ---- | C] () -- C:\WINDOWS\System32\IWNGFMF.DRV
[2009/02/07 10:35:31 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\Vbis4032.dll
[2009/02/07 10:21:14 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008/09/27 14:56:55 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/02/26 23:39:22 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008/02/26 23:39:22 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/10/22 18:37:05 | 00,000,121 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2007/07/29 14:45:36 | 00,000,187 | ---- | C] () -- C:\WINDOWS\RELATION.INI
[2007/04/29 17:56:31 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2007/04/28 14:41:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DXINFO.INI
[2007/02/16 20:48:06 | 00,000,283 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/10/07 20:49:28 | 00,000,785 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2006/10/07 20:49:23 | 00,000,503 | ---- | C] () -- C:\WINDOWS\CDRip.INI
[2006/10/07 20:49:11 | 00,151,040 | ---- | C] () -- C:\WINDOWS\System32\wimadll.dll
[2006/10/02 14:04:29 | 00,002,048 | ---- | C] () -- C:\Documents and Settings\Cyril Jacob\Application Data\user60.rdb
[2006/10/02 14:04:29 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Cyril Jacob\Application Data\sversion.ini
[2006/09/23 07:45:43 | 00,005,607 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/09/23 07:45:12 | 00,006,414 | ---- | C] () -- C:\WINDOWS\Messager Wanadoo.ini
[2006/09/20 17:16:36 | 00,048,128 | ---- | C] () -- C:\Documents and Settings\Cyril Jacob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/17 08:44:21 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/16 16:18:41 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Cyril Jacob\Local Settings\Application Data\fusioncache.dat
[2006/08/10 19:05:35 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/10 18:48:06 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/08/10 18:43:23 | 00,000,602 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2006/08/10 18:37:29 | 00,000,123 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/08/10 18:34:55 | 00,007,604 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2006/08/10 18:24:11 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/08/10 18:23:19 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/10 18:23:19 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/10 18:23:19 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/10 18:23:19 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/10 18:23:18 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/23 13:24:10 | 00,006,399 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/12 11:23:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/16 17:25:16 | 00,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/01 09:58:02 | 00,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/06/13 12:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Cyril Jacob\Mes documents\fly 29 mars.psd:SummaryInformation
<End>
Cyril

Posts: 11
Registered: 28 Dec 2009, 19:53

Post by Cyril » 28 Dec 2009, 21:08

I can't find the Extras.txt file on the desktop. So I am sending you the Extras.txt report made yesterday (27/12/09) in safe mode in the admin session, which I had done without reading the instructions.
Cyril

Posts: 11
Registered: 28 Dec 2009, 19:53

Post by Cyril » 28 Dec 2009, 21:08

OTL Extras logfile created on: 27/12/2009 15:41:10 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

895,00 Mb Total Physical Memory | 686,00 Mb Available Physical Memory | 77,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 85,34 Gb Total Space | 12,75 Gb Free Space | 14,94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CYRIL
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"14515:TCP" = 14515:TCP:*:Enabled:BitComet 14515 TCP
"14515:UDP" = 14515:UDP:*:Enabled:BitComet 14515 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\AOL 9.0\aol.exe" = %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL -- (America Online, Inc.)
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe" = %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA -- File not found
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe" = %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA -- File not found
"C:\APPS\Inventime\my.exe" = C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME -- File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\xampplite\apache\bin\apache.exe" = C:\xampplite\apache\bin\apache.exe:*:Enabled:Apache HTTP Server -- File not found
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe" = C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"F:\Quake III Arena\quake3.exe" = F:\Quake III Arena\quake3.exe:*:Enabled:quake3 -- File not found
"C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe" = C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II -- File not found
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\quake_3_arena_oa081\openarena-0.8.1\openarena.exe" = C:\Program Files\quake_3_arena_oa081\openarena-0.8.1\openarena.exe:*:Enabled:openarena -- ()
"C:\APPS\skype\Phone\Skype.exe" = C:\APPS\skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{4BDB76C6-902E-41D5-9064-68768E02886B}" = Adobe Dreamweaver CS3
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Edition Découverte 3.0
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6860B340-530D-46B3-91F8-1AE1F70F7C33}" = OpenOffice.org 3.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Panneau de configuration MobileMe
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9112040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB6D4A78-4BDB-4FBD-81CB-00DC2FC2BF41}" = Seagate Manager Installer
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logiciel QuickCam de Logitech
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2E18162-47FB-4216-8AB3-F420C1AF75A4}" = Adobe Setup
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Codeur Windows Media Série 9
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"Ableton Live v5.0.3" = Ableton Live v5.0.3
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_ad19d2ae8332572b119cf35fd0a30d8" = Adobe Dreamweaver CS3
"Applian FLV Player2.0.23" = Applian FLV Player
"Audacity_is1" = Audacity 1.2.6
"AVIConverter" = AVIConverter 5.1
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Enregistrement utilisateur de Canon MP520 series" = Enregistrement utilisateur de Canon MP520 series
"FileZilla Client" = FileZilla Client 3.1.3.1
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{BB6D4A78-4BDB-4FBD-81CB-00DC2FC2BF41}" = Seagate Manager Installer
"IZArc 3.5 beta 3_is1" = IZArc 3.5 beta 3
"La boite a couleurs_is1" = La boite a couleurs version 1.6.15
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messager Wanadoo" = Messager Wanadoo
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"QcDrv" = Programme de gestion Camera de Logitech®
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spotify" = Spotify
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"UsbFix" = UsbFix
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"VLC media player" = VideoLAN VLC media player 0.8.5
"VSO Media Player_is1" = VSO Media Player
"Win Généalogic 2005" = Win Généalogic 2005
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = Gimp 2.6.1
"WinLiveSuite_Wave3" = Installation Windows Live
"Wisdom-soft ScreenHunter 5.1 Free" = Wisdom-soft ScreenHunter 5.1 Free
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XMind" = XMind
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/10/2009 03:23:27 | Computer Name = CYRIL | Source = Windows Live Mail | ID = 1000
Description =

Error - 11/10/2009 05:21:37 | Computer Name = CYRIL | Source = Application Hang | ID = 1002
Description = Application bloquée wmplayer.exe, version 11.0.5721.5145, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 12/10/2009 04:42:23 | Computer Name = CYRIL | Source = Application Hang | ID = 1002
Description = Application bloquée SEPCSuite.exe, version 0.4.0.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 23/10/2009 13:06:20 | Computer Name = CYRIL | Source = Application Error | ID = 1000
Description = Application défaillante wlmail.exe, version 14.0.8089.726, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0xf1eef1ee.

Error - 06/11/2009 09:45:46 | Computer Name = CYRIL | Source = Application Error | ID = 1000
Description = Application défaillante wlmail.exe, version 14.0.8089.726, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0xf1eef1ee.

Error - 13/11/2009 07:50:23 | Computer Name = CYRIL | Source = Application Hang | ID = 1002
Description = Application bloquée AcroRd32.exe, version 8.1.0.137, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 13/11/2009 07:50:23 | Computer Name = CYRIL | Source = Application Hang | ID = 1002
Description = Application bloquée AcroRd32.exe, version 8.1.0.137, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 16/11/2009 16:48:07 | Computer Name = CYRIL | Source = Application Error | ID = 1000
Description = Application défaillante acrord32.exe, version 8.1.0.137, module défaillant
unknown, version 0.0.0.0, adresse de défaillance 0x24005bb1.

Error - 16/11/2009 17:04:31 | Computer Name = CYRIL | Source = Application Hang | ID = 1002
Description = Application bloquée PowerCinema.exe, version 4.5.0.1719, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 16/11/2009 17:14:32 | Computer Name = CYRIL | Source = Application Hang | ID = 1002
Description = Application bloquée PowerCinema.exe, version 4.5.0.1719, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 27/12/2009 09:44:33 | Computer Name = CYRIL | Source = Service Control Manager | ID = 7001
Description = Le service Apple Mobile Device dépend du service Pilote du protocole
TCP/IP qui n'a pas pu démarrer en raison de l'erreur : %%31

Error - 27/12/2009 09:44:33 | Computer Name = CYRIL | Source = Service Control Manager | ID = 7001
Description = Le service Service Bonjour dépend du service Pilote du protocole TCP/IP
qui n'a pas pu démarrer en raison de l'erreur : %%31

Error - 27/12/2009 09:44:33 | Computer Name = CYRIL | Source = Service Control Manager | ID = 7001
Description = Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas
pu démarrer en raison de l'erreur : %%31

Error - 27/12/2009 09:44:33 | Computer Name = CYRIL | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : AFD AmdK8 avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip

Error - 27/12/2009 09:45:13 | Computer Name = CYRIL | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman
avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 27/12/2009 09:48:27 | Computer Name = CYRIL | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 27/12/2009 09:48:27 | Computer Name = CYRIL | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 27/12/2009 09:49:25 | Computer Name = CYRIL | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 27/12/2009 09:49:55 | Computer Name = CYRIL | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
avec les arguments "" pour démarrer le serveur : {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 27/12/2009 10:27:30 | Computer Name = CYRIL | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman
avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}


<End>
Cyril
Posts: 11
Joined: 28 Dec 2009, 19:53

Post by nickW » 28 Dec 2009, 22:11

Good evening,

Could you do the following:

Note: These steps must be carried out while logged on to a session with "Administrator rights" (do not use the user profile named "Administrateur" that is visible in Safe Mode)
Under Windows XP, to check whether an account has "Administrator" rights:
Start---->Settings---->Control Panel---->User Accounts
Next to the icon of some accounts (other than the one named "Administrateur") it says "Computer administrator"
One of those accounts is the one to use.




Step 1: rkill (by Grinler), download
Download rkill from one of the links below:

Link 1
Link 2
Link 3
Link 4

Save the file to the Desktop.


Step 2: No integrity-checking process
Disable Spybot-S&D's TeaTimer.
In the system tray (the area just to the left of the clock), right-click the Spybot-S&D Resident icon and choose "Exit Spybot-S&D Resident".
Launch Spybot-S&D, Advanced mode, Tools, Resident, untick the box in front of TeaTimer. Close Spybot-S&D.
Restart the PC.
Note:
TeaTimer must not be re-enabled before the PC clean-up is finished (I will tell you when to do it).


Step 3: No real-time monitoring process
Disable the antivirus's resident module.
Avira AntiVir: right-click the icon in the system tray (next to the clock), untick "Activer Antivir Guard/AntiVir Guard enable"


Step 4: rkill (by Grinler), execution
Double-click the downloaded rkill file to launch the tool.

A black-background window will appear briefly, then disappear.

If nothing happens, or if the tool does not launch, download the tool from another of the four links above and try running it again.

If none of the tools downloaded from the four links above seems to work, do not continue the clean-up, and let me know on the forum.


Step 5: Malwarebytes' Anti-Malware, clean-up
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start menu.
In the Settings tab, check that all boxes are ticked except "Create a context menu option to scan files (right-click)".
In the Update tab, click the Check for updates button and install all updates found.
In the Scan tab, select the radio button in front of "Perform quick scan" and then click the Scan button.
Wait, without doing anything else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Show results" button.

If harmful items were detected, click the "Remove selected" button
Wait patiently, without doing anything else, for the clean-up to finish.
A restart is sometimes necessary. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 6: Real-time monitoring process
Important: Re-enable the antivirus's resident module.


Step 7: OTL (by OldTimer), quick scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The main OTL screen is displayed:
Image

Click the Quick Scan button:
Image


Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 8: Results
Send in reply:
*- the Malwarebytes' Anti-Malware log (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<tonprofil>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs, where ****-**-** (**-**-**) represents the date [year-month-day] and the time [hh-mm-ss])
[SystemDrive represents the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the log's length):
*- the main OTL report (contents of the file OTL.Txt located on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: to send your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.

In your reply, don't forget to give as much information as possible about the state of the PC: improvement / disappearance / worsening of the infection symptoms.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
My configs
nickW
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by Cyril » 29 Dec 2009, 20:57

Progression of the symptoms:

My PC seems to be working much better.

Antivir no longer finds any virus
there are no more strange alerts in the system tray
And no more links to porn sites on my desktop.

here is the MAM report

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3450
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/12/2009 20:39:28
mbam-log-2009-12-29 (20-39-28).txt

Type de recherche: Examen rapide
Eléments examinés: 120359
Temps écoulé: 6 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\richtx64.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Cyril Jacob\Local Settings\Temp\H8SRT43c.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyril Jacob\Local Settings\Temp\H8SRT8817.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyril Jacob\Local Settings\Temp\H8SRT44c.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyril Jacob\Local Settings\Temp\H8SRT8827.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
Cyril
Posts: 11
Joined: 28 Dec 2009, 19:53
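
Step 8 of nickW's procedure asks for the MBAM log and for an OTL report that must end with <End>. The script below is an added example, not from this thread or from the tools' authors: it parses a log in the MBAM 1.4x layout posted above (the sample is constructed from that layout, with a placeholder profile path and one file entry deliberately left out), compares each section's claimed count with the entries actually listed to catch a truncated paste, lists detections that were not quarantined, calls out Rootkit.* families, and checks the <End> marker on an OTL report.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Summary line "<section>: <count>" and section header "<section>:"
SUMMARY_RE = re.compile(r"^(?P<key>[^:]+): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<key>[^:]+):$")
# Detection "<item> (<family>) -> <action>"; the registry-data variant carries an extra
# "Bad: (1) Good: (0) ->" segment, which the non-greedy item match leaves in <action>
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9.]+)\) -> (?P<action>.+)$")
REMOVED = "Quarantined and deleted successfully."

@dataclass
class Detection:
    section: str
    item: str
    family: str
    action: str

@dataclass
class MbamReport:
    summary: dict = field(default_factory=dict)      # section -> count claimed by MBAM
    sections_seen: set = field(default_factory=set)  # section headers actually present
    detections: list = field(default_factory=list)

def parse_mbam_log(text: str) -> MbamReport:
    """Parse the summary block and the per-section detection lists of an MBAM log."""
    report = MbamReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None  # a blank line closes the current section
            continue
        if section is None:
            m = SECTION_RE.match(line)
            if m:
                section = m.group("key")
                report.sections_seen.add(section)
                continue
            m = SUMMARY_RE.match(line)
            if m:
                report.summary[m.group("key")] = int(m.group("count"))
            continue
        m = ENTRY_RE.match(line)  # "(Aucun élément nuisible détecté)" does not match
        if m:
            report.detections.append(Detection(section, **m.groupdict()))
    return report

def count_mismatches(report: MbamReport) -> dict:
    """Sections whose claimed count differs from the entries listed: a sign that the
    pasted log was truncated or edited and should be requested again."""
    listed = Counter(d.section for d in report.detections)
    return {s: (report.summary.get(s), listed[s])
            for s in sorted(report.sections_seen) if report.summary.get(s) != listed[s]}

def not_removed(report: MbamReport) -> list:
    """Detections whose final action is anything but quarantine-and-delete."""
    return [d for d in report.detections if d.action.split("-> ")[-1] != REMOVED]

def rootkit_families(report: MbamReport) -> list:
    """Rootkit.* families are worth calling out separately when reading the log."""
    return sorted({d.family for d in report.detections if d.family.startswith("Rootkit.")})

def otl_report_complete(text: str) -> bool:
    """Step 8: an OTL report pasted on the forum is complete only if it ends with <End>."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return bool(lines) and lines[-1] == "<End>"

# Constructed sample in the layout of the reports posted in this thread; the profile
# path is a placeholder and one of the four file entries is left out on purpose.
SAMPLE_MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.42

Processus mémoire infecté(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\richtx64.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\<profile>\Local Settings\Temp\H8SRT43c.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\<profile>\Local Settings\Temp\H8SRT44c.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\<profile>\Local Settings\Temp\H8SRT8827.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_MBAM_LOG)
    print("count mismatches:", count_mismatches(rep))  # {'Fichier(s) infecté(s)': (4, 3)}
    print("rootkit families:", rootkit_families(rep))  # ['Rootkit.TDSS']
    print("OTL complete:", otl_report_complete("OTL logfile created on: ...\n<End>\n"))
```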

Post by Cyril » 29 Dec 2009, 20:58

OTL logfile created on: 29/12/2009 20:43:18 - Run 3
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Cyril Jacob\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

895,00 Mb Total Physical Memory | 435,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 85,34 Gb Total Space | 11,95 Gb Free Space | 14,00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CYRIL
Current User Name: Cyril Jacob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/27 14:30:27 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cyril Jacob\Bureau\OTL.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/05 13:11:39 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/09/05 13:11:39 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/09/05 00:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/09/02 14:27:36 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\APPS\skype\Phone\Skype.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/27 14:54:06 | 00,165,160 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/03/27 14:53:28 | 00,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/03/02 12:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/14 03:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/13 07:49:00 | 00,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/02/04 11:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2006/02/23 11:09:06 | 00,114,784 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
PRC - [2006/02/23 11:09:04 | 00,266,338 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
PRC - [2006/02/23 11:08:36 | 00,147,456 | ---- | M] (CyberLink Corp.) -- C:\APPS\Powercinema\PCMService.exe
PRC - [2006/02/23 11:08:28 | 01,073,152 | ---- | M] (Cyberlink) -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005/11/17 08:51:08 | 00,975,360 | ---- | M] (Packard Bell BV) -- C:\APPS\SMP\SMPSYS.EXE
PRC - [2005/10/20 05:15:00 | 00,102,400 | ---- | M] () -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
PRC - [2005/10/20 05:15:00 | 00,090,112 | ---- | M] () -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
PRC - [2005/07/19 16:32:18 | 00,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/23 19:33:00 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
PRC - [2005/06/08 14:14:44 | 00,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 13:44:56 | 00,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2005/03/10 17:44:34 | 00,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/03/10 17:43:30 | 00,688,218 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/04/08 04:25:04 | 01,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe
PRC - [2004/02/26 08:52:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002/09/03 10:26:24 | 00,040,960 | ---- | M] (France Telecom) -- C:\Program Files\Messager Wanadoo\Demon.exe


========== Modules (SafeList) ==========

MOD - [2009/12/27 14:30:27 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cyril Jacob\Bureau\OTL.exe
MOD - [2007/02/05 08:29:04 | 00,139,264 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (mysql)
SRV - File not found [Auto | Stopped] -- -- (Apache2.2)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/05 13:11:39 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/09/05 13:11:39 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/27 14:54:06 | 00,165,160 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/02/10 12:16:28 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/04/13 07:49:00 | 00,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006/04/27 09:48:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/02/23 11:09:06 | 00,114,784 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/02/23 11:09:04 | 00,266,338 | ---- | M] () [Auto | Running] -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/02/23 11:08:28 | 01,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/10/20 05:15:00 | 00,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe -- (USBDeviceService)
SRV - [2004/04/08 04:25:04 | 01,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/02/26 08:52:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE EF DA 1E 7E 73 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.symbaloo.com/fr/"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.04
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.5.2
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.4
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.5
FF - prefs.js..extensions.enabledItems: {DA144265-8D9B-4380-B8F7-9F85E2C37D05}:0.7.4.75
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:1.0.10
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox 2 Beta 2\components [2009/12/24 18:02:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 2 Beta 2\plugins [2009/12/24 18:02:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/21 12:33:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/06/18 06:53:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Extensions
[2009/12/29 20:10:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\extensions
[2009/11/23 23:45:55 | 00,000,000 | ---D | M] (Resurrect Pages) -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2009/12/13 12:38:36 | 00,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/09/14 17:20:14 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\extensions\{DA144265-8D9B-4380-B8F7-9F85E2C37D05}
[2009/12/12 11:54:03 | 00,000,000 | ---D | M] (FoxLingo) -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2009/11/24 20:47:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\extensions\illimitux@illimitux.net
[2009/05/09 07:19:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\extensions\zotero@chnm.gmu.edu
[2009/12/27 14:31:59 | 00,001,485 | ---- | M] () -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\searchplugins\altavista-france.xml
[2009/02/02 08:47:59 | 00,005,491 | ---- | M] () -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\searchplugins\dailymotion.xml
[2008/05/26 23:51:31 | 00,002,035 | ---- | M] () -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\searchplugins\exalead.xml
[2009/03/17 00:06:49 | 00,001,537 | ---- | M] () -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\searchplugins\ixquick---francais.xml
[2009/12/27 14:32:00 | 00,001,958 | ---- | M] () -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\searchplugins\kartoo-fr-html.xml
[2009/02/02 08:47:34 | 00,002,120 | ---- | M] () -- C:\Documents and Settings\Cyril Jacob\Application Data\Mozilla\Firefox\Profiles\17swegg3.default\searchplugins\recherche-de-vidos-youtube.xml

O1 HOSTS File: (292848 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 10080 more lines...
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Demon] C:\Program Files\Messager Wanadoo\Demon.exe (France Telecom)
O4 - HKLM..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCMService] c:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Raccourci vers la page des propriétés de High Definition Audio] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [Skype] C:\APPS\skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SmpcSys] C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{51fb4121-38cf-11de-ae12-001060fb4a5e}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{51fb4121-38cf-11de-ae12-001060fb4a5e}\Shell\open\Command - "" = rundll32.exe .\\dfrnres.dll,InstallM
O33 - MountPoints2\{ff5b9406-dfca-11dd-ad37-001060fb4a5e}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{ff5b9406-dfca-11dd-ad37-001060fb4a5e}\Shell\open\Command - "" = rundll32.exe .\\jgas400.dll,InstallM
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\E\Shell\Install\command - "" = E:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/28 19:43:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/28 19:40:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/12/27 15:57:09 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Cyril Jacob\Recent
[2009/12/27 14:30:42 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cyril Jacob\Bureau\mbam-setup.exe
[2009/12/27 14:30:25 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cyril Jacob\Bureau\OTL.exe
[2008/03/19 09:14:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/04/16 11:09:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/08/16 17:18:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/08/16 16:54:32 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/29 20:42:36 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/29 20:42:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/29 20:42:05 | 00,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/12/29 20:41:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/29 20:41:50 | 93,904,4864 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/29 20:40:41 | 15,204,352 | -H-- | M] () -- C:\Documents and Settings\Cyril Jacob\NTUSER.DAT
[2009/12/29 20:40:41 | 00,000,284 | -HS- | M] () -- C:\Documents and Settings\Cyril Jacob\ntuser.ini
[2009/12/29 20:04:02 | 00,262,656 | ---- | M] () -- C:\Documents and Settings\Cyril Jacob\Bureau\rkill.pif
[2009/12/29 19:59:15 | 00,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DF06E5B9-E291-489E-BEF1-81B5C73B5B6D}.job
[2009/12/27 15:58:57 | 00,012,430 | ---- | M] () -- C:\Documents and Settings\Cyril Jacob\Mes documents\cc_20091227_155846.reg
[2009/12/27 14:45:09 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/12/27 14:33:22 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cyril Jacob\Bureau\mbam-setup.exe
[2009/12/27 14:30:27 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cyril Jacob\Bureau\OTL.exe
[2009/12/27 14:06:28 | 00,048,128 | ---- | M] () -- C:\Documents and Settings\Cyril Jacob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/27 01:54:05 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/12/20 22:03:10 | 04,275,362 | -H-- | M] () -- C:\Documents and Settings\Cyril Jacob\Local Settings\Application Data\IconCache.db
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/29 20:04:01 | 00,262,656 | ---- | C] () -- C:\Documents and Settings\Cyril Jacob\Bureau\rkill.pif
[2009/12/27 15:58:49 | 00,012,430 | ---- | C] () -- C:\Documents and Settings\Cyril Jacob\Mes documents\cc_20091227_155846.reg
[2009/12/27 15:45:49 | 93,904,4864 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/27 14:45:09 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/12/25 02:33:50 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/09/25 21:13:29 | 31,892,7645 | ---- | C] () -- C:\Program Files\quake_3_arena_oa081.zip
[2009/09/15 13:06:15 | 00,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/09/15 13:06:14 | 01,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2009/09/15 12:41:37 | 00,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/02/07 10:35:46 | 00,000,318 | ---- | C] () -- C:\WINDOWS\System32\IWNGFMF.DRV
[2009/02/07 10:35:31 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\Vbis4032.dll
[2009/02/07 10:21:14 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008/09/27 14:56:55 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/02/26 23:39:22 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008/02/26 23:39:22 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/10/22 18:37:05 | 00,000,121 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2007/07/29 14:45:36 | 00,000,187 | ---- | C] () -- C:\WINDOWS\RELATION.INI
[2007/04/29 17:56:31 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2007/04/28 14:41:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DXINFO.INI
[2007/02/16 20:48:06 | 00,000,283 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/10/07 20:49:28 | 00,000,785 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2006/10/07 20:49:23 | 00,000,503 | ---- | C] () -- C:\WINDOWS\CDRip.INI
[2006/10/07 20:49:11 | 00,151,040 | ---- | C] () -- C:\WINDOWS\System32\wimadll.dll
[2006/10/02 14:04:29 | 00,002,048 | ---- | C] () -- C:\Documents and Settings\Cyril Jacob\Application Data\user60.rdb
[2006/10/02 14:04:29 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Cyril Jacob\Application Data\sversion.ini
[2006/09/23 07:45:43 | 00,005,607 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/09/23 07:45:12 | 00,006,414 | ---- | C] () -- C:\WINDOWS\Messager Wanadoo.ini
[2006/09/20 17:16:36 | 00,048,128 | ---- | C] () -- C:\Documents and Settings\Cyril Jacob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/17 08:44:21 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/16 16:18:41 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Cyril Jacob\Local Settings\Application Data\fusioncache.dat
[2006/08/10 19:05:35 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/10 18:48:06 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/08/10 18:43:23 | 00,000,602 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2006/08/10 18:37:29 | 00,000,123 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/08/10 18:34:55 | 00,007,604 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2006/08/10 18:24:11 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/08/10 18:23:19 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/10 18:23:19 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/10 18:23:19 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/10 18:23:19 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/10 18:23:18 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/23 13:24:10 | 00,006,399 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/12 11:23:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/16 17:25:16 | 00,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/01 09:58:02 | 00,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/06/13 12:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2008/09/27 14:48:52 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/10/28 17:07:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2009/12/04 16:30:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006/08/10 18:41:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OD2
[2008/09/27 14:56:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/07/11 12:38:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2006/08/10 18:43:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/08/10 18:34:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/21 12:37:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2006/10/07 10:21:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\Ableton
[2008/12/14 16:46:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\Canon
[2009/12/04 16:34:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\dBpoweramp
[2009/10/27 13:21:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\FileZilla
[2009/12/12 15:03:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\gtk-2.0
[2009/11/05 16:03:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\ijjigame
[2007/05/13 16:56:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\InterTrust
[2006/09/17 07:28:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\Leadertech
[2009/12/04 16:30:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\NCH Swift Sound
[2006/11/01 22:58:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\Norman
[2006/09/16 17:51:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\OD2
[2009/09/27 22:37:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\OpenArena
[2008/12/27 16:42:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\OpenOffice.org
[2009/09/25 21:12:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\Quake3
[2008/09/27 14:56:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\ScanSoft
[2009/12/25 19:23:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\Spotify
[2007/11/22 12:39:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\Thunderbird
[2008/03/01 09:50:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\Ulead Systems
[2009/11/05 20:36:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\uTorrent
[2008/08/24 13:18:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\Viewpoint
[2009/07/15 23:40:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Cyril Jacob\Application Data\XMind
[2009/12/29 19:59:15 | 00,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DF06E5B9-E291-489E-BEF1-81B5C73B5B6D}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Cyril Jacob\Mes documents\fly 29 mars.psd:SummaryInformation
<End>
Cyril

Posts: 11
Joined: 28 Dec 2009, 19:53

Post by nickW » 30 Dec 2009, 00:22

Good evening,

New scans (verifying the cleanup):


I advise you to print the procedure, or to select all of its lines and copy that selection into a text file on your PC (Note: you will have no access to the Internet or to the browser during step 5).
All the steps must be carried out, without interruption, in the exact order given below.
If anything seems unclear, ask for explanations before starting the disinfection.



Step 1: MBR rootkit detector (from Gmer), download
Download mbr.exe from the page http://www.gmer.net/#files
Save the file to the Desktop.


Step 2: Gmer
Download the executable program (.exe file) from the page http://www.gmer.net/#files
Click the Download EXE button.
Save the file to the root of the system drive (usually C: ), noting its name (which is random).


Step 3: No real-time monitoring process
Disable the antivirus's resident module.
Avira Antivir: right-click the icon in the system tray (next to the clock) and uncheck "Activer Antivir Guard/AntiVir Guard enable"


Step 4: MBR rootkit detector (from Gmer), run
Double-click mbr.exe to launch the tool.
A black-background window will open, then close quickly.


Step 5: Gmer

Close absolutely all applications, connections and browsers.

Double-click the randomly named file downloaded earlier.

Wait a few moments for it to load and run its first checks.

If the tool displays a "Warning" reporting rootkit activity and offering to run a scan, click NO.

Check that all the boxes in the right-hand column are checked except
Sections
IAT/EAT
drives other than C:\
"Show all"


then click the Scan button.

Wait without doing anything else (... it takes a while... 10 minutes or more).
The Registry keys & files being scanned are displayed at the bottom of the window.

When the tool has finished (nothing is scrolling at the bottom of the window any more), click the Save ... button.

A Notepad window will open, containing the report file.
Note: In Notepad, check in the Format menu that the "Word Wrap" option is not checked.
Save this file to the Desktop as gmer-091229.txt.
Close the Gmer window (click OK).


Step 6: Re-enabling the resident security programs
Important: Re-enable the antivirus's resident module.


Step 7: Results
Send in reply:
*- the MBR rootkit detector report (contents of the mbr.log file on the Desktop).
*- the Gmer report (contents of the gmer-091229.txt file)<---- this report is often very long; check that it is complete; if necessary split it across several messages -- always using the Reply button.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
My configs
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by Cyril » 01 Jan 2010, 19:47

MBR report:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


Gmer report

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-31 00:23:30
Windows 5.1.2600 Service Pack 3
Running: epnc1old.exe; Driver: C:\DOCUME~1\CYRILJ~1\LOCALS~1\Temp\pxtdqpod.sys


---- System - GMER 1.0.15 ----

SSDT F7B566D6 ZwCreateKey
SSDT F7B566CC ZwCreateThread
SSDT F7B566DB ZwDeleteKey
SSDT F7B566E5 ZwDeleteValueKey
SSDT F7B566EA ZwLoadKey
SSDT F7B566B8 ZwOpenProcess
SSDT F7B566BD ZwOpenThread
SSDT F7B566F4 ZwReplaceKey
SSDT F7B566EF ZwRestoreKey
SSDT F7B566E0 ZwSetValueKey
SSDT F7B566C7 ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Fastfat \Fat B696ED20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Post by nickW » 02 Jan 2010, 22:15

Good evening,

Apparently there is no longer any trace of the "rootkit". :D


Final cleanups:

Step 1: OTL (from OldTimer), cleanup
Open a Notepad window via Start---->Run, type notepad then click OK
Select all the lines in the white area under "Code:" below, then press the Ctrl and C keys simultaneously

Code:
rien

:otl
O33 - MountPoints2\{51fb4121-38cf-11de-ae12-001060fb4a5e}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{51fb4121-38cf-11de-ae12-001060fb4a5e}\Shell\open\Command - "" = rundll32.exe .\\dfrnres.dll,InstallM
O33 - MountPoints2\{ff5b9406-dfca-11dd-ad37-001060fb4a5e}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{ff5b9406-dfca-11dd-ad37-001060fb4a5e}\Shell\open\Command - "" = rundll32.exe .\\jgas400.dll,InstallM
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\E\Shell\Install\command - "" = E:\Setup.exe -- File not found

:Commands
[emptytemp]



Go back to the Notepad window, right-click in the window and choose Paste
Check in the Format menu (at the top) that "Word Wrap" is not active (not checked).
Save the file as OTL-1.txt
Close Notepad.
Note: The lines in the Code area above were created exclusively for THIS user.
If you are not THIS user, do not use them: they could damage your system.



Step 2: No real-time monitoring process
Disable the antivirus's resident module.
Avira Antivir: right-click the icon in the system tray (next to the clock) and uncheck "Activer Antivir Guard/AntiVir Guard enable"


Step 3: OTL (from OldTimer), cleanup
Double-click OTL.exe to launch the tool.
Open the OTL-1.txt file in Notepad.
In Notepad, click the Edit menu (at the top) and choose Select All.
In Notepad, click the Edit menu (at the top) and choose Copy.

Go back to the OTL window, right-click in the lower pane named "Custom Scans/Fixes" and choose Paste.

Close all open program windows (browser, word processor, etc.): the PC is going to restart.

Click the Run Fix button.

Note: When the restart is requested, click Oui/Yes

When the tool has finished its work, a small window displays the message "Fix Complete! Click OK to open the fix log". Click OK, then close OTL.


Step 4: Real-time monitoring process
Important: Re-enable the antivirus's resident module.


Step 5: OTL (from OldTimer), quick scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The main OTL screen appears.

Click the Quick Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 6: Results
Send in reply:
*- the OTL fix report (contents of the file SystemDrive\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[SystemDrive is the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the log's length):
*- the main OTL report (contents of the OTL.txt file on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic, but click the "Reply" button to continue in this thread.


To be continued (as there are still "unneeded startup programs" to remove, and security advice to apply),
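As an added example (not code from the thread, from OTL or from OldTimer), the following Python triage parses O33 MountPoints2 lines in the shape of the OTL log above, flags the entries matching what nickW's fix removed (a DLL loaded through rundll32 from a path relative to the volume, or a command whose target OTL reports as not found, together with their siblings under the same mount point), and drafts the :otl fix block in the layout the thread uses. The flagging heuristics and the seventh, benign sample entry are assumptions constructed for this demonstration.

```python
"""Triage of OTL 'O33 - MountPoints2' entries (added example, not OTL's own code)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: the six O33 lines from the OTL log in this thread, plus one
# constructed benign entry whose target OTL could locate and attribute to a vendor.
SAMPLE_O33 = [
    'O33 - MountPoints2\\{51fb4121-38cf-11de-ae12-001060fb4a5e}\\Shell\\AutoRun\\command - "" = E:\\',
    'O33 - MountPoints2\\{51fb4121-38cf-11de-ae12-001060fb4a5e}\\Shell\\open\\Command - "" = rundll32.exe .\\\\dfrnres.dll,InstallM',
    'O33 - MountPoints2\\{ff5b9406-dfca-11dd-ad37-001060fb4a5e}\\Shell\\AutoRun\\command - "" = E:\\',
    'O33 - MountPoints2\\{ff5b9406-dfca-11dd-ad37-001060fb4a5e}\\Shell\\open\\Command - "" = rundll32.exe .\\\\jgas400.dll,InstallM',
    'O33 - MountPoints2\\E\\Shell\\AutoRun\\command - "" = E:\\Setup.exe -- File not found',
    'O33 - MountPoints2\\E\\Shell\\Install\\command - "" = E:\\Setup.exe -- File not found',
    'O33 - MountPoints2\\{00000000-0000-0000-0000-000000000000}\\Shell\\AutoRun\\command - "" = F:\\Setup.exe (Constructed Vendor)',
]

# One O33 line: key is a volume GUID or a drive letter, verb is AutoRun/open/Install.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\[Cc]ommand - "" = (?P<cmd>.*)$'
)


@dataclass
class MountPointEntry:
    raw: str   # the original log line, reused verbatim in the fix block
    key: str
    verb: str
    cmd: str


def parse_o33(lines: List[str]) -> List[MountPointEntry]:
    """Keep only well-formed O33 lines; anything else in the log is ignored."""
    entries = []
    for line in lines:
        m = O33_RE.match(line.strip())
        if m:
            entries.append(MountPointEntry(line.strip(), m['key'], m['verb'], m['cmd']))
    return entries


def reason(entry: MountPointEntry) -> str:
    """Heuristic (an assumption of this example): why the entry should go, or '' if it looks fine."""
    cmd = entry.cmd.lower()
    if 'file not found' in cmd:
        return 'orphaned: OTL could not find the target file'
    # A DLL loaded through rundll32 from a path relative to the volume itself is the
    # removable-media hand-off pattern that the fix in this thread removes.
    if 'rundll32' in cmd and '.\\' in cmd:
        return 'rundll32 loads a DLL from the volume by relative path'
    return ''


def triage(entries: List[MountPointEntry]) -> List[Tuple[MountPointEntry, str]]:
    """Flag entries; once one verb of a mount point is flagged, its siblings go with it."""
    by_key = defaultdict(list)
    for e in entries:
        by_key[e.key].append(e)
    flagged = []
    for key, group in by_key.items():
        reasons = {e.raw: reason(e) for e in group}
        if any(reasons.values()):
            for e in group:
                flagged.append((e, reasons[e.raw] or f'sibling of a flagged entry under {key}'))
    return flagged


def build_otl_fix(flagged: List[Tuple[MountPointEntry, str]]) -> str:
    """Draft the fix block in the layout the thread uses: ':otl' lines, then ':Commands'."""
    body = '\n'.join(e.raw for e, _ in flagged)
    return f':otl\n{body}\n\n:Commands\n[emptytemp]\n'


if __name__ == '__main__':
    found = triage(parse_o33(SAMPLE_O33))
    for entry, why in found:
        print(f'{why:55s} {entry.key} {entry.verb}')
    print(build_otl_fix(found))
```

Run on the sample, the six lines from the thread are flagged and the constructed benign entry is left alone; the drafted block is a starting point for a human reviewer, not something to run unreviewed.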
