OK Analysis request after problem partly resolved


Post by ducateric » 07 Jan 2010, 14:43

Symptoms:

General slowdown of the computer,

Thunderbird takes forever to fetch mail, or fails to connect to the server

CPU usage at 99%, with a "battle" between svchost.exe and vsserv.exe.

Bitdefender unexpectedly becoming inactive (grey icon in the system tray)

A reboot when downloading large files via free ftp or gmail (even after cleaning and vacuuming the dust inside the computer case)

As described elsewhere, after siszyd.exe was detected at startup and removed with Freefixer, the computer returned to a satisfactory speed.

Thunderbird still has to be prompted at least twice before it can fetch mail.

But, following the advice given, here are the results of the 3 tests requested

1/ Malwarebytes

For the first log, I was not sure I had correctly disabled the antivirus, and since the results differ, I am submitting both files.

a/
Malwarebytes' Anti-Malware 1.43
Version de la base de données: 3507
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/01/2010 10:11:13
mbam-log-2010-01-07 (10-10-34).txt

Type de recherche: Examen rapide
Eléments examinés: 120697
Temps écoulé: 6 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\Drivers\ruldik.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\PROPRIETAIRE\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\fvgqad.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\NetworkService\Application Data\fvgqad.dat (Malware.Trace) -> No action taken.

b/
    Malwarebytes' Anti-Malware 1.43
    Version de la base de données: 3507
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    07/01/2010 14:06:36
    mbam-log-2010-01-07 (14-06-27).txt

    Type de recherche: Examen rapide
    Eléments examinés: 120770
    Temps écoulé: 5 minute(s), 18 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 3

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Documents and Settings\PROPRIETAIRE\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
    C:\Documents and Settings\LocalService\Application Data\fvgqad.dat (Malware.Trace) -> No action taken.
    C:\Documents and Settings\NetworkService\Application Data\fvgqad.dat (Malware.Trace) -> No action taken.
ducateric

Posts: 20
Joined: 05 Jan 2010, 19:42

Post by ducateric » 07 Jan 2010, 14:44

OTL logfile created on: 07/01/2010 12:30:22 - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\PROPRIETAIRE\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

959,00 Mb Total Physical Memory | 370,00 Mb Available Physical Memory | 39,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189,91 Gb Total Space | 48,93 Gb Free Space | 25,77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PROPRIET-B4F38A
Current User Name: PROPRIETAIRE
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/07 09:38:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PROPRIETAIRE\Bureau\OTL.exe
PRC - [2009/11/16 21:31:07 | 00,442,368 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
PRC - [2009/11/16 21:31:06 | 00,782,336 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
PRC - [2009/11/16 21:31:05 | 01,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/07 18:49:06 | 00,413,696 | ---- | M] (BitDefender SRL) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/03 12:58:21 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/14 03:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/13 08:20:22 | 00,097,432 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2006/12/10 19:04:26 | 00,135,168 | ---- | M] (Computer Associates) -- C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
PRC - [2006/05/27 10:47:26 | 16,208,384 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2005/12/09 20:06:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/10/24 19:08:06 | 00,387,616 | ---- | M] () -- C:\Program Files\SpamPal\spampal.exe
PRC - [2003/08/29 19:05:35 | 00,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 00,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2010/01/07 09:38:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PROPRIETAIRE\Bureau\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/11/16 21:31:05 | 01,638,240 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/07 18:49:06 | 00,413,696 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/08/10 18:12:47 | 00,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/23 22:06:06 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/03 12:58:21 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c985f6c27275e0) Google Update Service (gupdate1c985f6c27275e0)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/17 12:06:56 | 00,118,784 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
SRV - [2008/04/14 03:33:28 | 00,029,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2007/04/13 08:20:22 | 00,097,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/03/26 12:06:24 | 00,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/02/28 18:38:06 | 00,407,456 | ---- | M] (Canal+ Active) [On_Demand | Stopped] -- C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe -- (Service CANALPLAY)
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/12/09 20:06:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/10/24 11:38:02 | 00,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/21 19:28:34 | 00,104,456 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2009/08/20 18:36:24 | 00,137,224 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/14 18:22:57 | 00,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2009/04/07 18:14:36 | 00,008,832 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr)
DRV - [2008/12/10 19:42:46 | 00,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2008/11/20 20:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/10/06 17:16:16 | 00,082,696 | ---- | M] (BitDefender S.R.L.) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
DRV - [2008/09/18 11:09:12 | 00,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2008/09/02 13:32:06 | 00,013,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2008/04/13 19:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 19:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 19:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/05/03 12:36:30 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2007/03/20 10:33:28 | 00,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2006/12/09 12:32:44 | 00,004,501 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2006/11/07 08:42:30 | 00,086,368 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200obex.sys -- (w200obex)
DRV - [2006/11/07 08:42:28 | 00,088,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mgmt.sys -- (w200mgmt) Sony Ericsson W200 USB WMC Device Management Drivers (WDM)
DRV - [2006/11/07 08:42:24 | 00,097,056 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mdm.sys -- (w200mdm)
DRV - [2006/11/07 08:42:22 | 00,009,328 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mdfl.sys -- (w200mdfl)
DRV - [2006/11/07 08:42:16 | 00,061,504 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200bus.sys -- (w200bus) Sony Ericsson W200 driver (WDM)
DRV - [2006/10/30 13:46:02 | 00,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2006/05/26 13:20:58 | 04,279,296 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/24 17:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/03/02 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006/02/17 04:28:32 | 00,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/02/17 04:28:30 | 00,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/09 20:06:00 | 03,536,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/03/09 15:53:00 | 00,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2001/08/17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Pilote de filtrage Sony USB (SONYPVU1)
DRV - [2001/08/17 20:49:10 | 00,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-527237240-1844237615-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-527237240-1844237615-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-527237240-1844237615-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-527237240-1844237615-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.fr/news?ned=fr
IE - HKU\S-1-5-21-527237240-1844237615-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-527237240-1844237615-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-527237240-1844237615-725345543-1004\..\URLSearchHook: {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-527237240-1844237615-725345543-1004\S-1-5-21-527237240-1844237615-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-527237240-1844237615-725345543-1004\S-1-5-21-527237240-1844237615-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://news.google.fr/news?ned=fr"
FF - prefs.js..extensions.enabledItems: fr-FR@dictionaries.addons.mozilla.org:2.1
FF - prefs.js..extensions.enabledItems: fr@dictionaries.addons.mozilla.org:2.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.09
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.3.20091214_AMO

FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Fichiers communs\fluxDVD\Download Manager\Mozilla [2007/04/18 12:59:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2009/11/16 21:33:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 17:55:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 17:55:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.3\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009/11/27 19:26:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.3\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2009/11/27 19:26:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/01/06 19:20:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/11/27 19:26:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2009/02/07 21:56:18 | 00,000,000 | ---D | M]

[2010/01/06 19:20:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Extensions
[2010/01/06 19:20:42 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/09/13 18:38:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/06 17:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\extensions
[2010/01/05 09:14:13 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2008/02/20 21:30:24 | 00,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
[2010/01/05 09:12:57 | 00,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(3)
[2009/10/28 19:41:59 | 00,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/12/13 09:07:29 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/08/06 17:36:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\extensions\fr@dictionaries.addons.mozilla.org
[2009/08/06 17:36:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\extensions\fr-FR@dictionaries.addons.mozilla.org
[2009/12/15 17:30:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\extensions\SkipScreen@SkipScreen
[2008/02/20 21:29:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\extensions\TabSidebar@blueprintit.co(2).uk
[2006/12/24 22:38:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Sunbird\Profiles\wso61c2k.default\extensions
[2008/11/24 14:50:50 | 00,000,838 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\searchplugins\conduit.xml
[2010/01/05 16:13:15 | 00,002,016 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\searchplugins\yopmailcom--email-temporaire.xml
[2010/01/06 17:51:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/16 21:31:06 | 00,065,536 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2006/03/17 10:56:34 | 00,095,128 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll
[2009/05/05 14:10:44 | 01,961,984 | ---- | M] (Myriad Software.) -- C:\Program Files\Mozilla Firefox\plugins\NPMyrMus.dll
[2010/01/05 16:22:36 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2009/07/04 19:04:31 | 00,002,194 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/01/05 16:22:36 | 00,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/05 16:22:37 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2006/09/10 12:35:08 | 00,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/01/05 16:22:37 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/05 16:22:38 | 00,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (7077936 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 214975 more lines...
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Fichiers communs\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: () - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\Program Files\Star Downloader\SDIEInt.dll ()
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKU\S-1-5-21-527237240-1844237615-725345543-1004\..\Toolbar\WebBrowser: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No CLSID value found.
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [eTrustPPAP] C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe (Computer Associates)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-527237240-1844237615-725345543-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [wextract_cleanup0] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\PROPRIETAIRE\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\PROPRIETAIRE\Menu Démarrer\Programmes\Démarrage\SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe ()
O4 - Startup: C:\Documents and Settings\PROPRIETAIRE\Menu Démarrer\Programmes\Démarrage\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-1844237615-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-527237240-1844237615-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-527237240-1844237615-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm ()
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .mu3 - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mus - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mxl - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mya - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .myr - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .myt - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .xmz - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O15 - HKLM\..Trusted Domains: canalplay.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: canalplusactive.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-527237240-1844237615-725345543-1004\..Trusted Domains: canalplay.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-527237240-1844237615-725345543-1004\..Trusted Domains: canalplusactive.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-527237240-1844237615-725345543-1004\..Trusted Domains: 66 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 8641428265 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (sockspy.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/09 12:14:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/12/09 12:14:29 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/01/07 10:10:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PROPRIETAIRE\Mes documents\Malwarebytes log
[2010/01/07 09:59:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/07 09:56:45 | 00,000,000 | ---D | C] -- C:\erunt
[2010/01/07 09:55:44 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/07 09:55:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PROPRIETAIRE\Bureau\erunt-loc_fr
[2010/01/07 09:53:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Malwarebytes
[2010/01/07 09:53:48 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 09:53:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/07 09:53:44 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 09:53:44 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/07 09:46:35 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\PROPRIETAIRE\Bureau\erunt-setup.exe
[2010/01/07 09:39:47 | 05,061,520 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\PROPRIETAIRE\Bureau\mbam-setup.exe
[2010/01/07 09:38:54 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PROPRIETAIRE\Bureau\OTL.exe
[2010/01/05 17:00:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\FreeFixer
[2010/01/05 17:00:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\FreeFixer
[2010/01/05 16:58:49 | 00,000,000 | ---D | C] -- C:\Program Files\FreeFixer
[2010/01/05 16:34:51 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\PROPRIETAIRE\Bureau\tasklist.exe
[2010/01/05 14:44:09 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/01/05 10:11:53 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\PROPRIETAIRE\Recent
[2010/01/05 09:13:34 | 00,000,000 | ---D | C] -- C:\Program Files\Video Convert Master
[2009/12/29 11:45:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PROPRIETAIRE\Mes documents\FGB
[2009/12/28 18:39:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PROPRIETAIRE\Bureau\Avatar
[2009/12/24 16:35:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\Geckofx
[2009/12/15 21:15:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PROPRIETAIRE\Mes documents\Drivers
[2009/12/15 20:59:18 | 00,000,000 | ---D | C] -- C:\Program Files\ma-config.com
[2009/12/15 20:59:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2009/12/15 17:28:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\vlc
[2009/12/13 13:57:23 | 00,318,904 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\PROPRIETAIRE\Bureau\WindowsMedia-Firefox-Plugin.exe
[2009/12/13 09:01:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/12/12 19:26:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2009/04/26 10:33:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/05/11 22:40:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/01/22 20:19:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/05/03 12:36:30 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\PROPRIETAIRE\Application Data\pcouffin.sys
[2006/12/09 12:17:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/12/09 12:14:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/12/09 12:14:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[469 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/07 11:42:00 | 00,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/07 10:25:13 | 00,001,224 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[2010/01/07 10:15:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/07 09:56:01 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/01/07 09:55:45 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\NTREGOPT.lnk
[2010/01/07 09:55:45 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\ERUNT.lnk
[2010/01/07 09:53:50 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/01/07 09:47:13 | 00,005,024 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\erunt-loc_fr.zip
[2010/01/07 09:46:35 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\PROPRIETAIRE\Bureau\erunt-setup.exe
[2010/01/07 09:39:55 | 05,061,520 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\PROPRIETAIRE\Bureau\mbam-setup.exe
[2010/01/07 09:38:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PROPRIETAIRE\Bureau\OTL.exe
[2010/01/07 09:01:49 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/07 09:01:40 | 00,043,573 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/07 09:01:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/06 22:10:27 | 13,369,344 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\ntuser.dat
[2010/01/06 22:10:27 | 00,000,284 | -HS- | M] () -- C:\Documents and Settings\PROPRIETAIRE\ntuser.ini
[2010/01/06 19:10:00 | 00,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ca5be7a7cbb40.job
[2010/01/06 15:45:20 | 07,077,936 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/01/06 13:11:53 | 00,013,870 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Mes documents\PC de bureau.docx
[2010/01/06 10:27:08 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010/01/05 22:10:51 | 00,000,650 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Menu Démarrer\Programmes\Démarrage\SpywareGuard.lnk
[2010/01/05 20:04:04 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2010/01/05 18:54:39 | 00,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2010/01/05 16:35:56 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PROPRIETAIRE\Bureau\tasklist.exe
[2010/01/05 16:01:06 | 07,078,470 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100106-154520.backup
[2010/01/05 09:34:41 | 07,077,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2010/01/04 17:27:23 | 07,077,374 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100105-093441.backup
[2010/01/04 16:55:56 | 00,000,004 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Application Data\avdrn.dat
[2010/01/03 18:13:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\WHWW~.AIF
[2010/01/03 16:10:58 | 29,308,5787 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\trailer_720p.mov
[2010/01/01 11:03:41 | 00,045,926 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\showfile.php.jpg
[2010/01/01 10:53:57 | 00,037,362 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\1image-sport12.jpg
[2010/01/01 10:52:31 | 00,019,424 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\golf-facile.jpg
[2009/12/30 18:02:27 | 00,000,675 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/28 12:43:31 | 07,077,868 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100104-172720.backup
[2009/12/26 09:03:42 | 00,001,087 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/19 14:51:21 | 00,000,339 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091219-145431.backup
[2009/12/17 18:02:50 | 00,754,132 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\programmeIFG.pdf
[2009/12/15 20:58:25 | 02,869,784 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\MaConfig_4_0_0_6.exe
[2009/12/15 17:44:17 | 01,180,686 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/15 17:44:17 | 00,532,400 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/12/15 17:44:17 | 00,460,708 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/15 17:44:17 | 00,094,840 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/12/15 17:44:17 | 00,079,282 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/15 17:44:16 | 00,454,976 | ---- | M] () -- C:\WINDOWS\System32\perfh040.dat
[2009/12/15 17:44:16 | 00,068,560 | ---- | M] () -- C:\WINDOWS\System32\perfc040.dat
[2009/12/15 17:27:45 | 00,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2009/12/14 21:43:59 | 07,050,943 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091227-211157.backup
[2009/12/13 16:30:33 | 07,050,943 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091214-214359.backup
[2009/12/13 15:12:16 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2009/12/13 13:57:24 | 00,318,904 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PROPRIETAIRE\Bureau\WindowsMedia-Firefox-Plugin.exe
[2009/12/12 21:31:34 | 00,282,428 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\MDA712.pdf
[2009/12/12 21:09:51 | 02,307,962 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Mes documents\La_deco_des_sols_et_des_murs.pdf
[2009/12/08 21:46:03 | 07,049,910 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091213-163032.backup
[469 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/07 09:56:01 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/01/07 09:55:45 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\NTREGOPT.lnk
[2010/01/07 09:55:45 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\ERUNT.lnk
[2010/01/07 09:53:50 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/01/07 09:47:11 | 00,005,024 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\erunt-loc_fr.zip
[2010/01/06 13:08:20 | 00,013,870 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Mes documents\PC de bureau.docx
[2010/01/05 20:04:04 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2010/01/05 09:02:22 | 00,000,020 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\fvgqad.dat
[2010/01/05 09:02:18 | 00,001,000 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/04 16:56:00 | 00,000,020 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\fvgqad.dat
[2010/01/04 16:55:56 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Application Data\avdrn.dat
[2010/01/03 16:08:00 | 29,308,5787 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\trailer_720p.mov
[2010/01/01 11:03:41 | 00,045,926 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\showfile.php.jpg
[2010/01/01 10:53:57 | 00,037,362 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\1image-sport12.jpg
[2010/01/01 10:52:29 | 00,019,424 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\golf-facile.jpg
[2009/12/17 18:02:50 | 00,754,132 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\programmeIFG.pdf
[2009/12/15 20:58:40 | 13,369,344 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\ntuser.dat
[2009/12/15 20:58:25 | 02,869,784 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\MaConfig_4_0_0_6.exe
[2009/12/15 17:27:45 | 00,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2009/12/12 21:31:33 | 00,282,428 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\MDA712.pdf
[2009/12/12 21:09:49 | 02,307,962 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Mes documents\La_deco_des_sols_et_des_murs.pdf
[2009/12/01 22:54:45 | 00,191,880 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/03 12:06:18 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\MMPlugHostCtrl.dll
[2009/11/03 12:06:18 | 00,000,724 | ---- | C] () -- C:\WINDOWS\wacam.ini
[2009/03/09 13:48:39 | 00,000,137 | ---- | C] () -- C:\WINDOWS\ifoedit.INI
[2008/10/12 19:41:27 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2008/10/09 15:31:54 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/09/16 01:14:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/16 01:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/10 18:56:42 | 00,884,736 | ---- | C] () -- C:\WINDOWS\System32\HDX4MediaConverter.dll
[2008/06/20 20:39:36 | 00,000,030 | -H-- | C] () -- C:\WINDOWS\~mem001.sys
[2008/06/20 20:39:36 | 00,000,014 | ---- | C] () -- C:\WINDOWS\mm.sys
[2007/12/05 21:03:44 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2007/11/19 19:36:22 | 00,000,887 | ---- | C] () -- C:\WINDOWS\cPVAS.INI
[2007/10/18 16:40:12 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/10/15 15:59:17 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2007/07/13 20:14:12 | 00,000,135 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\fusioncache.dat
[2007/06/25 13:45:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007/05/03 12:36:37 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Application Data\pcouffin.log
[2007/05/03 12:36:30 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Application Data\ezpinst.exe
[2007/05/03 12:36:30 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Application Data\pcouffin.inf
[2007/05/03 12:36:30 | 00,001,074 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Application Data\pcouffin.cat
[2007/04/12 10:01:20 | 00,000,100 | ---- | C] () -- C:\WINDOWS\COSYPRN1.INI
[2007/04/08 12:36:14 | 00,000,164 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/02/26 21:41:29 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/02/15 08:37:41 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2007/02/10 17:44:03 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/03 20:51:39 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/01/31 13:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/12/31 19:52:15 | 00,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/12/29 23:19:32 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/16 13:06:32 | 01,256,895 | ---- | C] () -- C:\Program Files\wrar341fr.exe
[2006/12/16 13:06:32 | 00,000,405 | ---- | C] () -- C:\Program Files\lipsheim.txt
[2006/12/10 19:25:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/12/10 01:59:57 | 01,138,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/12/10 01:59:57 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/12/10 01:59:55 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/12/10 01:59:55 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/12/10 00:55:43 | 00,190,976 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/09 12:30:45 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/03/02 13:00:00 | 00,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004624_.tmp.dll
[2006/03/02 13:00:00 | 00,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004592_.tmp.dll
[2005/12/09 20:06:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/09 20:06:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/09 20:06:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/09 20:06:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/09 20:06:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/09 20:06:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/12/09 20:06:00 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/12/07 11:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/03/14 14:38:28 | 00,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/04/09 14:16:08 | 07,602,176 | ---- | C] () -- C:\WINDOWS\System32\vaesaver.dll
[1998/09/14 20:43:16 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TWAIN32d.dll

========== LOP Check ==========

[2009/12/14 21:32:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\BitDefender
[2006/12/16 12:38:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
[2009/02/07 21:58:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2006/12/10 19:02:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2007/10/18 16:31:30 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/01/07 09:55:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2009/09/30 17:35:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ciel
[2009/07/07 11:26:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CutList Plus
[2007/02/16 21:29:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2008/10/12 19:41:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/03/30 19:56:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/12/15 20:59:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2007/04/18 12:59:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mpDRM
[2007/02/16 23:24:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2006/12/24 17:23:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007/10/18 16:40:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/06/25 13:17:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2010/01/06 13:10:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/12 19:41:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/12/24 20:55:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/09/30 11:15:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/02 12:53:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/12/02 22:14:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\abelhadigital.com
[2009/11/03 12:07:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\ACAMPREF
[2007/12/28 21:10:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\AlauxSoft
[2008/09/10 18:57:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Ashampoo
[2009/02/07 21:56:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\BitDefender
[2008/03/24 13:09:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Canon
[2007/04/07 20:15:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Copernic
[2009/07/09 06:14:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\CutList Plus
[2007/02/16 23:02:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Datalayer
[2008/07/27 19:06:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Dr. DivX 2.0 OSS
[2010/01/06 22:10:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\FileZilla
[2008/12/02 19:34:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\FinalBurner .ISO
[2008/12/13 22:57:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\FinalBurner Copy
[2008/12/13 22:57:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\FinalBurner WMVHD
[2010/01/05 17:04:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\FreeFixer
[2008/02/16 13:08:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Leadertech
[2009/09/13 18:41:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\LimeWire
[2008/10/12 19:41:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Nikon
[2008/09/25 19:40:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Nokia
[2009/03/30 20:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Nokia Multimedia Player
[2008/10/20 09:42:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\OpenOffice.org
[2007/05/04 18:27:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\PC Suite
[2007/05/01 21:27:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Pegasys Inc
[2007/10/18 16:40:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\ScanSoft
[2007/07/19 11:50:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\SpamPal
[2009/06/28 20:39:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\StarOffice8
[2007/06/25 13:22:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Teleca
[2010/01/06 19:20:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Thunderbird
[2009/12/01 18:57:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Uniblue
[2009/07/07 11:21:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Unigraphics Solutions
[2008/11/11 21:15:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Vso
[2006/12/31 17:56:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\XnView
[2007/09/05 19:54:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\yoclient
[2009/05/02 15:41:58 | 00,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\NSSstub.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

<MD5>
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/03/02 13:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/03/02 13:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2006/03/02 13:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys

<MD5>
[2006/03/02 13:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 03:33:24 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:33:24 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
[2008/07/17 12:06:54 | 00,001,536 | ---- | M] () MD5=CAA9BBBE220DDB97B81FAC66321B513B -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll

<MD5>
[2008/04/14 03:33:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:33:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2006/03/02 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

<MD5>
[2006/04/24 17:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\drivers\nvata.sys

<MD5>
[2006/03/02 13:00:00 | 00,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 03:33:40 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:33:40 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

<systemroot>

<systemroot>
[469 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

<systemroot>

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
<End>
ducateric
 
Posts: 20
Joined: 05 Jan 2010, 19:42

Post by ducateric » 07 Jan 2010, 14:45

OTL Extras logfile created on: 07/01/2010 12:30:22 - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\PROPRIETAIRE\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

959,00 Mb Total Physical Memory | 370,00 Mb Available Physical Memory | 39,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189,91 Gb Total Space | 48,93 Gb Free Space | 25,77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PROPRIET-B4F38A
Current User Name: PROPRIETAIRE
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --

[HKEY_USERS\S-1-5-21-527237240-1844237615-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HomePlayer1.4.0.2\HomePlayer.exe" = C:\Program Files\HomePlayer1.4.0.2\HomePlayer.exe:*:Enabled:HomePlayer -- File not found
"C:\Program Files\HomePlayer1.4.0.2\VLC\vlc.exe" = C:\Program Files\HomePlayer1.4.0.2\VLC\vlc.exe:*:Enabled:VLC media player -- File not found
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:Fichier de ressources QuickTime -- (Apple Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\HomePlayer1.5\HomePlayer.exe" = C:\Program Files\HomePlayer1.5\HomePlayer.exe:*:Enabled:HomePlayer -- File not found
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" = C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe:*:Enabled:Lecteur CANALPLAY -- (Canal+ Active)
"C:\Program Files\EasyBox\vlc\vlc.exe" = C:\Program Files\EasyBox\vlc\vlc.exe:*:Enabled:VLC media player -- File not found
"C:\Program Files\EasyBox\apache\apache.exe" = C:\Program Files\EasyBox\apache\apache.exe:*:Enabled:Apache HTTP Server -- File not found
"C:\Program Files\HomePlayer1.5.1.1\HomePlayer.exe" = C:\Program Files\HomePlayer1.5.1.1\HomePlayer.exe:*:Enabled:HomePlayer -- File not found
"C:\Program Files\Fichiers communs\Nokia\Service Layer\nsl_host_process.exe" = C:\Program Files\Fichiers communs\Nokia\Service Layer\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- File not found
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:OTI@Home User Interface -- (Nokia Corporation)
"C:\Program Files\Fichiers communs\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Fichiers communs\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- File not found
"C:\Program Files\HomePlayer1.5.2\HomePlayer.exe" = C:\Program Files\HomePlayer1.5.2\HomePlayer.exe:*:Enabled:HomePlayer -- File not found
"C:\Program Files\HomePlayer1.5.2\VLC\vlc.exe" = C:\Program Files\HomePlayer1.5.2\VLC\vlc.exe:*:Disabled:VLC media player -- File not found
"C:\Program Files\HomePlayer1.5.3.1\HomePlayer.exe" = C:\Program Files\HomePlayer1.5.3.1\HomePlayer.exe:*:Enabled:HomePlayer -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Documents and Settings\PROPRIETAIRE\Mes documents\téléchargement\freebox\v1.0.0.0\FreeboxHDAlerte.exe" = C:\Documents and Settings\PROPRIETAIRE\Mes documents\téléchargement\freebox\v1.0.0.0\FreeboxHDAlerte.exe:*:Enabled:FreeboxHDAlerte -- ()
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\adslTV\vlc.exe" = C:\Program Files\adslTV\vlc.exe:*:Enabled:VLC media player -- File not found
"C:\Program Files\adslTV\adsltv.exe" = C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsltv -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- (Skype Technologies S.A.)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMuleMorphXT -- (http://emulemorph.sourceforge.net)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\HomePlayer\HomePlayer.exe" = C:\Program Files\HomePlayer\HomePlayer.exe:*:Enabled:HomePlayer -- ()
"C:\Program Files\HomePlayer\VLC\vlc.exe" = C:\Program Files\HomePlayer\VLC\vlc.exe:*:Enabled:VLC HomePlayer -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FFC2D3-7255-4858-8685-F5976ED7869E}" = Ducati Data Analyzer
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner PRO v2.3.0.171
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39586F4F-758D-4A92-A5DF-33E9DB9C09D9}" = PestPatrolv5
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4796EDEE-3550-46ED-9455-23F23A9A8CA8}" = Solid Edge 2D Drafting ST
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photorécit 3 pour Windows
"{523B1E21-0B29-4402-9B8A-339086462028}_is1" = VirtualDub-MPEG2 v1.6.15 b24600 Fr
"{55718B4B90B54F7EADC5621C750A14E6}" = DivX Author 1.5
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{61FC0B38-1835-4E79-9BC9-B18D6C0E87CF}" = CutList Plus
"{6860B340-530D-46B3-91F8-1AE1F70F7C33}" = OpenOffice.org 3.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6ED53E0C-EAC0-4F0F-947D-6BA817E4C8C3}" = HostsMan 3.1.57
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8262DC94-B28D-4B95-A2EB-6CD867D4936E}" = DDA Flash Updater
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FA19E9C-2067-4495-82B0-48330A11285C}" = StarOffice 8
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{95774351-6087-3A3B-8CA8-70BEE49D2BD5}" = Google Gears
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{A7E80619-A6CC-438C-92B3-708FFC004AFE}" = BitDefender Internet Security 2009
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA668889-AA01-AA01-AADC-65462C3DE344}" = FreeFixer
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1036-7B44-A92000000001}" = Adobe Reader 9.2 - Français
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF86BA3B-B465-4E12-B771-E12208FDB89B}" = Ciel Auto-entrepreneur Facile 1.40
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B6883DA2-2EBE-4DD1-80F1-8954998E7788}" = RealWorld Paint.COM
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D99C322D-C21B-40C7-AE71-EE51AA096B6E}" = Nokia Flashing Cable Driver
"{DE6CFFA1-4A51-11D6-BD6E-EF01F93E642D}" = SpamPal
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E9E37358-E3E1-47BA-9E21-375EF3616BC9}" = Lecteur CANALPLAY 2.2
"{EF4F620F-F295-41D7-92C0-6B635709C850}" = Nokia Software Updater
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Package de pilotes Windows - Nokia Modem (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"95F92ED608C079756C64BF4B0FEBA001D2AB8E1A" = Windows Driver Package - Prosa (libusb0) LibUsbDevices (03/20/2007 0.1.12.1)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 6.0
"Ashampoo ClipFisher_is1" = Ashampoo ClipFisher 1.17
"AviSynth" = AviSynth 2.5
"Beneton Movie GIF_is1" = Beneton Movie GIF 1.1.2
"C6111539B2275F3B5002AA30684D573E5EFE2A21" = Windows Driver Package - Prosa (libusb0) LibUsbDevices (08/27/2006 0.1.12.0)
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DR220A" = DR220A
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"eMule" = eMule
"eMule_is1" = morphemuleversion
"Enregistrement utilisateur de Canon MP520 series" = Enregistrement utilisateur de Canon MP520 series
"ERUNT_is1" = ERUNT 1.1j
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"FireTune" = FireTune
"FusionSoft DVD Player XP_is1" = FusionSoft DVD Player XP Version 5.0
"GIF Animator" = Microsoft GIF Animator
"Gimp pour Windows" = Gimp pour Windows
"Google Updater" = Outil de mise à jour Google
"Google Video Uploader" = Google Video Uploader
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HomePlayer" = HomePlayer 1.5.9
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IsoBuster_is1" = IsoBuster 2.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.80 Full
"LameACM" = Lame ACM MP3 Codec
"Livre Album Mes Créations_is1" = Livre Album Mes Creations
"Loop12 V2" = Loop12 V2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Metronome 4.0" = Metronome 4.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Movies2iPhone" = Movies2iPhone .74b
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mozilla Sunbird (0.3)" = Mozilla Sunbird (0.3)
"Mozilla Thunderbird (3.0)" = Mozilla Thunderbird (3.0)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 12.0" = RealPlayer
"Ri4m v5.0.1d" = Ri4m v5.0.1d
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"Star Downloader Free" = Star Downloader Free
"Video Convert Master_is1" = Video Convert Master v3.5
"VLC media player" = VLC media player 1.0.3
"VSO DivxToDVD_is1" = DivxToDVD 1.99.24
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Lecteur Windows Media 10
"Windows XP Service" = Windows XP Service Pack 3
"WinGTK-2_is1" = GTK+ 2.10.6-1 runtime environment
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-2
"WinRAR archiver" = Archiveur WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.97-3
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-527237240-1844237615-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dr. DivX 2.0 OSS" = Dr. DivX 2.0 OSS
"FileZilla Client" = FileZilla Client 3.0.5.1
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/12/2009 11:21:54 | Computer Name = PROPRIET-B4F38A | Source = Application Error | ID = 1000
Description = Application défaillante divx converter.exe, version 7.1.0.124, module
défaillant divx converter.exe, version 7.1.0.124, adresse de défaillance 0x0000e9e4.

Error - 04/01/2010 16:56:40 | Computer Name = PROPRIET-B4F38A | Source = Application Error | ID = 1000
Description = Application défaillante spybotsd.exe, version 1.6.2.46, module défaillant
spybotsd.exe, version 1.6.2.46, adresse de défaillance 0x0002950a.

Error - 05/01/2010 12:27:00 | Computer Name = PROPRIET-B4F38A | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : The server name or address could not be resolved

Error - 05/01/2010 12:27:11 | Computer Name = PROPRIET-B4F38A | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 05/01/2010 12:27:11 | Computer Name = PROPRIET-B4F38A | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 05/01/2010 12:27:13 | Computer Name = PROPRIET-B4F38A | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 05/01/2010 13:04:48 | Computer Name = PROPRIET-B4F38A | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : The server name or address could not be resolved

Error - 05/01/2010 13:04:57 | Computer Name = PROPRIET-B4F38A | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 05/01/2010 13:04:57 | Computer Name = PROPRIET-B4F38A | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 05/01/2010 13:04:58 | Computer Name = PROPRIET-B4F38A | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette connexion réseau n'existe pas.

[ OSession Events ]
Error - 07/01/2009 04:49:03 | Computer Name = PROPRIET-B4F38A | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1036
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 06/01/2010 11:38:20 | Computer Name = PROPRIET-B4F38A | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service wuauserv
avec les arguments "" pour démarrer le serveur : {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 06/01/2010 12:38:27 | Computer Name = PROPRIET-B4F38A | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service wuauserv
avec les arguments "" pour démarrer le serveur : {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 06/01/2010 13:38:31 | Computer Name = PROPRIET-B4F38A | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service wuauserv
avec les arguments "" pour démarrer le serveur : {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 06/01/2010 14:38:35 | Computer Name = PROPRIET-B4F38A | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service wuauserv
avec les arguments "" pour démarrer le serveur : {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 06/01/2010 15:38:36 | Computer Name = PROPRIET-B4F38A | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service wuauserv
avec les arguments "" pour démarrer le serveur : {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 06/01/2010 16:38:41 | Computer Name = PROPRIET-B4F38A | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service wuauserv
avec les arguments "" pour démarrer le serveur : {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 07/01/2010 04:02:15 | Computer Name = PROPRIET-B4F38A | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service wuauserv
avec les arguments "" pour démarrer le serveur : {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 07/01/2010 05:12:14 | Computer Name = PROPRIET-B4F38A | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service wuauserv
avec les arguments "" pour démarrer le serveur : {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 07/01/2010 06:12:15 | Computer Name = PROPRIET-B4F38A | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service wuauserv
avec les arguments "" pour démarrer le serveur : {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 07/01/2010 07:12:31 | Computer Name = PROPRIET-B4F38A | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service wuauserv
avec les arguments "" pour démarrer le serveur : {E60687F7-01A1-40AA-86AC-DB1CBF673334}


<End>
ducateric
 
Posts: 20
Joined: 05 Jan 2010, 19:42

Post by nickW » 08 Jan 2010, 01:39

Good evening,

Searching for a "hidden process":

Note: These steps must be carried out in a session opened with "Administrator rights".

I advise you to print the procedure, or to select all of its lines and copy the selection into a text file on your PC (Note: you will have no access to the Internet or the browser during step 3, and reboots are possible).
All the steps must be carried out, without interruption, in the exact order given below.
If anything seems unclear, ask for an explanation before starting the disinfection.



Step 1: Gmer
Download the executable program (.exe file) from the page http://www.gmer.net/#files
Click the Download EXE button.
Save the file to the root of the system drive (usually C: ), noting its name (which is random).


Step 2: No real-time monitoring processes
Disable the resident module of the antivirus and that of the antispyware.
BitDefender: double-click the icon in the system tray (next to the clock); in the "Antivirus" menu, in the "Résident" tab, untick the box in front of "Protection en temps réel activée" (real-time protection enabled).

Disable Spybot-S&D's TeaTimer.
In the system tray (the area just to the left of the clock), right-click the Spybot-S&D Resident icon and choose "Quitter Résident de Spybot-S&D" (exit Spybot-S&D Resident).
Launch Spybot-S&D, Mode avancé (advanced mode), Outils (tools), Résident, untick the box in front of TeaTimer. Close Spybot-S&D.
Restart the PC.
Note:
Do not re-enable TeaTimer before the PC cleanup is finished (I will tell you when and how to do it).


Step 3: Gmer

Close absolutely all applications, connections and browsers.

Double-click the randomly named file downloaded earlier.

Wait a few moments for the driver to load and the first checks to run.

If the tool displays a message "WARNING !!! GMER has found system modification ... Do You want to fully scan your system ?", click NO.

Check that all the boxes in the right-hand column are ticked except
Sections
AT/EAT
the drives other than C:\
"Show all"

like this: [image]

then click the Scan button.

Wait without doing anything else (... it takes a while...).
The Registry keys and files being scanned are displayed at the bottom of the window.

When the tool has finished (nothing is scrolling at the bottom of the window any more), click the Save ... button.

A Notepad window will open, containing the report file.
Note: In Notepad, check in the Format menu that the "Retour automatique à la ligne" (word wrap) option is not ticked.
Save this file to the Desktop under the name gmer-100107.txt.
Close the Gmer window (click OK).


Step 4: Re-enabling the resident security programs
Important: Re-enable the resident module of the antivirus.


Step 5: Results
Send in your reply:
*- the Gmer report (contents of the file gmer-100107.txt) <---- this report is often long; check that it is complete; if necessary, split it across several messages, always using the Reply button.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

gmer

Post by ducateric » 08 Jan 2010, 20:14

Thanks for the quick reply.

As indicated, below are the contents of the gmer file, which is rather short?

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-08 20:06:51
Windows 5.1.2600 Service Pack 3
Running: lh0nschg.exe; Driver: C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\kxaoapob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xBA05FC90]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenThread [0xBA05FD7E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xBA05FBF4]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateThread [0xBA05FEC4]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

---- EOF - GMER 1.0.15 ----
ducateric
 
Posts: 20
Joined: 05 Jan 2010, 19:42
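
An added example, not part of the original thread and not a GMER or forum tool: a Python triage of the GMER report posted above. It confirms that the report reached its EOF marker, groups each SSDT hook and attached device by the vendor GMER names, and queues anything unattributed for manual review. The function names and the "hidden"/"rootkit" marker words are assumptions of this example.

```python
import re
from collections import defaultdict

# GMER report text copied from the post above (not constructed data).
REPORT = r"""GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-08 20:06:51
Windows 5.1.2600 Service Pack 3
Running: lh0nschg.exe; Driver: C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\kxaoapob.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xBA05FC90]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenThread [0xBA05FD7E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xBA05FBF4]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateThread [0xBA05FEC4]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# The "(Description/Vendor)" part is optional so unattributed hooks still parse.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>.+?)(?:\s+\((?P<desc>[^()]*)\))?"
    r"\s+(?P<target>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")
DEVICE_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<target>\S+)\s+(?P<module>\S+)"
    r"(?:\s+\((?P<desc>[^()]*)\))?$")
# Assumption: GMER marks concealed items with text containing these words.
SUSPICIOUS_WORDS = ("hidden", "rootkit")


def vendor_of(desc):
    """Return the vendor from 'Description/Vendor', or '' when absent."""
    _, sep, tail = (desc or "").rpartition("/")
    return tail.strip() if sep else ""


def parse_gmer(text):
    """Parse a GMER text report into hook entries plus items needing review."""
    out = {"complete": False, "sections": [], "entries": [], "review": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            if section == "EOF":
                out["complete"] = True      # the report reached its end marker
            else:
                out["sections"].append(section)
            continue
        if section is None:
            continue                        # header lines before the first section
        if any(word in line.lower() for word in SUSPICIOUS_WORDS):
            out["review"].append(("concealment marker", line))
            continue
        m = SSDT_RE.match(line) or DEVICE_RE.match(line)
        if not m:
            out["review"].append(("unrecognised entry", line))
            continue
        entry = {"kind": line.split()[0], "module": m.group("module"),
                 "target": m.group("target"),
                 "vendor": vendor_of(m.group("desc"))}
        out["entries"].append(entry)
        if not entry["vendor"]:
            out["review"].append(("hook without vendor attribution", line))
    return out


def hooks_by_vendor(parsed):
    """Group hooked functions and filtered devices by the vendor GMER names."""
    groups = defaultdict(list)
    for entry in parsed["entries"]:
        groups[entry["vendor"] or "(unattributed)"].append(entry["target"])
    return {vendor: sorted(targets) for vendor, targets in groups.items()}


if __name__ == "__main__":
    parsed = parse_gmer(REPORT)
    print("complete:", parsed["complete"], "| sections:", parsed["sections"])
    for vendor, targets in hooks_by_vendor(parsed).items():
        print(f"{vendor}: {', '.join(targets)}")
    for reason, line in parsed["review"]:
        print("REVIEW:", reason, "->", line)
```

A vendor name in the report only identifies which file claims the hook; confirming that the file itself is genuine (path, signature) is a separate check.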

Post by nickW » 09 Jan 2010, 01:35

Good evening,

GMER did not detect any hidden process.

Cleanup:

Note: These steps must be carried out while logged in to a session with "Administrator rights".


Step 1: No real-time monitoring processes
Disable the antivirus resident module.
BitDefender: double-click the icon in the system tray (next to the clock); in the "Antivirus" menu, on the "Resident" tab, untick the box in front of "Real-time protection enabled".


Step 2: Malwarebytes' Anti-Malware, cleanup
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start Menu.
On the Settings tab, check that all the boxes are ticked except "Create a context-menu option to scan files (right-click)".
On the Update tab, click the Check for Updates button and install all the updates found.
On the Scanner tab, select the radio button in front of "Perform quick scan", then click the Scan button.
Wait without doing anything else until the scan has finished; in the window announcing the end of the scan, click OK; then click the "Show Results" button.

If malicious items have been detected, click the "Remove Selected" button.
Wait patiently without doing anything else until the cleanup has finished.
A restart is sometimes required. Accept.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 3: Real-time monitoring processes
Important: Re-enable the antivirus resident module.


Step 4: OTL (by OldTimer), quick scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The OTL main screen appears.

Click the Quick Scan button.


Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 5: Results
Send in reply:
*- the Malwarebytes' Anti-Malware log (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs, where ****-** (**-**-**) represents the date [year-month-day] and the time [hh-mn-ss])
[SystemDrive is the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the length of the log):
*- the main OTL report (contents of the file OTL.Txt located on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.


In your reply, don't forget to give as much information as possible about the state of the PC: improvement / disappearance / worsening of the infection symptoms.

To be continued,
nickW

Post by ducateric » 09 Jan 2010, 19:01

Good evening,

Thanks for the reply.

Below are the Malwarebytes and OTL files.

a/ Malwarebytes

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3527
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09/01/2010 18:38:49
mbam-log-2010-01-09 (18-38-49).txt

Type de recherche: Examen rapide
Eléments examinés: 120914
Temps écoulé: 5 minute(s), 16 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\PROPRIETAIRE\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.

Post by ducateric » 09 Jan 2010, 19:06

b/ OTL

OTL logfile created on: 09/01/2010 18:43:21 - Run 2
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\PROPRIETAIRE\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

959,00 Mb Total Physical Memory | 456,00 Mb Available Physical Memory | 48,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189,91 Gb Total Space | 48,71 Gb Free Space | 25,65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PROPRIET-B4F38A
Current User Name: PROPRIETAIRE
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/07 09:38:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PROPRIETAIRE\Bureau\OTL.exe
PRC - [2009/11/16 21:31:07 | 00,442,368 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
PRC - [2009/11/16 21:31:06 | 00,782,336 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
PRC - [2009/11/16 21:31:05 | 01,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/07 18:49:06 | 00,413,696 | ---- | M] (BitDefender SRL) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/02/03 12:58:21 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/14 03:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/13 08:20:22 | 00,097,432 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2006/12/10 19:04:26 | 00,135,168 | ---- | M] (Computer Associates) -- C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
PRC - [2006/05/27 10:47:26 | 16,208,384 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2005/12/09 20:06:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/10/24 19:08:06 | 00,387,616 | ---- | M] () -- C:\Program Files\SpamPal\spampal.exe
PRC - [2003/08/29 19:05:35 | 00,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe


========== Modules (SafeList) ==========

MOD - [2010/01/07 09:38:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PROPRIETAIRE\Bureau\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/11/16 21:31:05 | 01,638,240 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/07 18:49:06 | 00,413,696 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/08/10 18:12:47 | 00,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/23 22:06:06 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/03 12:58:21 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c985f6c27275e0) Google Update Service (gupdate1c985f6c27275e0)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/17 12:06:56 | 00,118,784 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
SRV - [2008/04/14 03:33:28 | 00,029,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2007/04/13 08:20:22 | 00,097,432 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/03/26 12:06:24 | 00,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/02/28 18:38:06 | 00,407,456 | ---- | M] (Canal+ Active) [On_Demand | Stopped] -- C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe -- (Service CANALPLAY)
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/12/09 20:06:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.fr/news?ned=fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://news.google.fr/news?ned=fr"
FF - prefs.js..extensions.enabledItems: fr-FR@dictionaries.addons.mozilla.org:2.1
FF - prefs.js..extensions.enabledItems: fr@dictionaries.addons.mozilla.org:2.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.09
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.3.20091214_AMO

FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Fichiers communs\fluxDVD\Download Manager\Mozilla [2007/04/18 12:59:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2009/11/16 21:33:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 17:55:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 17:55:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.3\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009/11/27 19:26:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.3\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2009/11/27 19:26:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/01/06 19:20:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/11/27 19:26:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2009/02/07 21:56:18 | 00,000,000 | ---D | M]

[2010/01/06 19:20:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Extensions
[2010/01/06 19:20:42 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/09/13 18:38:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/08 20:23:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\extensions
[2010/01/05 09:14:13 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2008/02/20 21:30:24 | 00,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
[2010/01/05 09:12:57 | 00,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(3)
[2009/10/28 19:41:59 | 00,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/12/13 09:07:29 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/08/06 17:36:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\extensions\fr@dictionaries.addons.mozilla.org
[2009/08/06 17:36:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\extensions\fr-FR@dictionaries.addons.mozilla.org
[2009/12/15 17:30:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\extensions\SkipScreen@SkipScreen
[2008/02/20 21:29:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\extensions\TabSidebar@blueprintit.co(2).uk
[2006/12/24 22:38:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Sunbird\Profiles\wso61c2k.default\extensions
[2008/11/24 14:50:50 | 00,000,838 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\searchplugins\conduit.xml
[2010/01/08 17:48:27 | 00,002,016 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Mozilla\Firefox\Profiles\imvk6jwp.default\searchplugins\yopmailcom--email-temporaire.xml
[2010/01/08 20:23:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/16 21:31:06 | 00,065,536 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2006/03/17 10:56:34 | 00,095,128 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll
[2009/05/05 14:10:44 | 01,961,984 | ---- | M] (Myriad Software.) -- C:\Program Files\Mozilla Firefox\plugins\NPMyrMus.dll
[2010/01/05 16:22:36 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2009/07/04 19:04:31 | 00,002,194 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/01/05 16:22:36 | 00,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/05 16:22:37 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2006/09/10 12:35:08 | 00,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/01/05 16:22:37 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/05 16:22:38 | 00,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (7077936 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 0.r.msn.com #[microsoft_adcenter]
O1 - Hosts: 127.0.0.1 000dom.revenuedirect.com
O1 - Hosts: 127.0.0.1 00a0-f0d5-a44e-33s6.cnc-inc.cn
O1 - Hosts: 127.0.0.1 011707160008.c.mystat-in.net
O1 - Hosts: 127.0.0.1 061606084448.c.mystat-in.net
O1 - Hosts: 127.0.0.1 070806142521.c.mystat-in.net
O1 - Hosts: 127.0.0.1 08search.com #[klikadvertising]
O1 - Hosts: 127.0.0.1 090906042103.c.mystat-in.net
O1 - Hosts: 127.0.0.1 092706152958.c.mystat-in.net
O1 - Hosts: 127.0.0.1 0scanner.com
O1 - Hosts: 127.0.0.1 1.9797aiai.com #[eTrust.Win32/XinCrak]
O1 - Hosts: 127.0.0.1 1.httpdads.com
O1 - Hosts: 127.0.0.1 1.xqhgm.com
O1 - Hosts: 127.0.0.1 100-celebrities.com
O1 - Hosts: 127.0.0.1 100.mbn.com.ua
O1 - Hosts: 127.0.0.1 100.topnews.ru
O1 - Hosts: 127.0.0.1 10006.hittail.com
O1 - Hosts: 127.0.0.1 10168.hittail.com
O1 - Hosts: 127.0.0.1 102106151057.c.mystat-in.net
O1 - Hosts: 127.0.0.1 1047.www1.p0rt2.com
O1 - Hosts: 127.0.0.1 10661.kit.carpediem.fr
O1 - Hosts: 127.0.0.1 10xhellometro.112.2o7.net
O1 - Hosts: 127.0.0.1 11.rtstats.com
O1 - Hosts: 127.0.0.1 112006133326.c.mystat-in.net
O1 - Hosts: 214975 more lines...
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Fichiers communs\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: () - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\Program Files\Star Downloader\SDIEInt.dll ()
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No CLSID value found.
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [eTrustPPAP] C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe (Computer Associates)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\PROPRIETAIRE\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\PROPRIETAIRE\Menu Démarrer\Programmes\Démarrage\SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe ()
O4 - Startup: C:\Documents and Settings\PROPRIETAIRE\Menu Démarrer\Programmes\Démarrage\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm ()
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .mu3 - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mus - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mxl - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .mya - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .myr - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .myt - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O12 - Plugin for: .xmz - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll (Myriad Software.)
O15 - HKLM\..Trusted Domains: canalplay.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: canalplusactive.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: 60 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: canalplay.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: canalplusactive.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 553 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 8641428265 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (sockspy.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/09 12:14:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/01/07 10:10:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PROPRIETAIRE\Mes documents\Malwarebytes log
[2010/01/07 09:59:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/07 09:56:45 | 00,000,000 | ---D | C] -- C:\erunt
[2010/01/07 09:55:44 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/07 09:55:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PROPRIETAIRE\Bureau\erunt-loc_fr
[2010/01/07 09:53:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Malwarebytes
[2010/01/07 09:53:48 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 09:53:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/07 09:53:44 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 09:53:44 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/07 09:46:35 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\PROPRIETAIRE\Bureau\erunt-setup.exe
[2010/01/07 09:39:47 | 05,061,520 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\PROPRIETAIRE\Bureau\mbam-setup.exe
[2010/01/07 09:38:54 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PROPRIETAIRE\Bureau\OTL.exe
[2010/01/05 17:00:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\FreeFixer
[2010/01/05 17:00:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\FreeFixer
[2010/01/05 16:58:49 | 00,000,000 | ---D | C] -- C:\Program Files\FreeFixer
[2010/01/05 14:44:09 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/01/05 10:11:53 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\PROPRIETAIRE\Recent
[2010/01/05 09:13:34 | 00,000,000 | ---D | C] -- C:\Program Files\Video Convert Master
[2009/12/29 11:45:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PROPRIETAIRE\Mes documents\FGB
[2009/12/28 18:39:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PROPRIETAIRE\Bureau\Avatar
[2009/04/26 10:33:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/05/11 22:40:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/01/22 20:19:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/05/03 12:36:30 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\PROPRIETAIRE\Application Data\pcouffin.sys
[2006/12/09 12:17:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/12/09 12:14:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/12/09 12:14:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[469 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/09 18:40:43 | 00,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/09 18:40:39 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/09 18:40:28 | 00,043,573 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/09 18:40:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/09 18:39:19 | 13,369,344 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\ntuser.dat
[2010/01/09 18:39:19 | 00,000,284 | -HS- | M] () -- C:\Documents and Settings\PROPRIETAIRE\ntuser.ini
[2010/01/09 18:10:01 | 00,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2010/01/09 09:36:02 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010/01/08 18:14:09 | 00,293,376 | ---- | M] () -- C:\lh0nschg.exe
[2010/01/08 18:02:31 | 01,681,408 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\Moralit-.pps
[2010/01/08 17:40:29 | 00,068,471 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\813777.jpg
[2010/01/07 16:56:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 15:22:22 | 00,070,628 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/07 15:16:53 | 00,001,224 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[2010/01/07 09:56:01 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/01/07 09:55:45 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\NTREGOPT.lnk
[2010/01/07 09:55:45 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\ERUNT.lnk
[2010/01/07 09:53:50 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/01/07 09:47:13 | 00,005,024 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\erunt-loc_fr.zip
[2010/01/07 09:46:35 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\PROPRIETAIRE\Bureau\erunt-setup.exe
[2010/01/07 09:39:55 | 05,061,520 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\PROPRIETAIRE\Bureau\mbam-setup.exe
[2010/01/07 09:38:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PROPRIETAIRE\Bureau\OTL.exe
[2010/01/06 19:10:00 | 00,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ca5be7a7cbb40.job
[2010/01/06 15:45:20 | 07,077,936 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/01/06 13:11:53 | 00,013,870 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Mes documents\PC de bureau.docx
[2010/01/05 22:10:51 | 00,000,650 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Menu Démarrer\Programmes\Démarrage\SpywareGuard.lnk
[2010/01/05 20:04:04 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2010/01/05 16:01:06 | 07,078,470 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100106-154520.backup
[2010/01/05 09:34:41 | 07,077,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2010/01/04 17:27:23 | 07,077,374 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100105-093441.backup
[2010/01/03 18:13:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\WHWW~.AIF
[2010/01/03 16:10:58 | 29,308,5787 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\trailer_720p.mov
[2010/01/01 11:03:41 | 00,045,926 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\showfile.php.jpg
[2010/01/01 10:53:57 | 00,037,362 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\1image-sport12.jpg
[2010/01/01 10:52:31 | 00,019,424 | ---- | M] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\golf-facile.jpg
[2009/12/30 18:02:27 | 00,000,675 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/12/28 12:43:31 | 07,077,868 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100104-172720.backup
[469 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/08 18:14:05 | 00,293,376 | ---- | C] () -- C:\lh0nschg.exe
[2010/01/08 18:02:31 | 01,681,408 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\Moralit-.pps
[2010/01/08 17:40:17 | 00,068,471 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\813777.jpg
[2010/01/07 09:56:01 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/01/07 09:55:45 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\NTREGOPT.lnk
[2010/01/07 09:55:45 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\ERUNT.lnk
[2010/01/07 09:53:50 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/01/07 09:47:11 | 00,005,024 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\erunt-loc_fr.zip
[2010/01/06 13:08:20 | 00,013,870 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Mes documents\PC de bureau.docx
[2010/01/05 20:04:04 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2010/01/05 09:02:18 | 00,001,000 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/03 16:08:00 | 29,308,5787 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\trailer_720p.mov
[2010/01/01 11:03:41 | 00,045,926 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\showfile.php.jpg
[2010/01/01 10:53:57 | 00,037,362 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\1image-sport12.jpg
[2010/01/01 10:52:29 | 00,019,424 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Bureau\golf-facile.jpg
[2009/12/01 22:54:45 | 00,191,880 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/03 12:06:18 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\MMPlugHostCtrl.dll
[2009/11/03 12:06:18 | 00,000,724 | ---- | C] () -- C:\WINDOWS\wacam.ini
[2009/03/09 13:48:39 | 00,000,137 | ---- | C] () -- C:\WINDOWS\ifoedit.INI
[2008/10/12 19:41:27 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2008/10/09 15:31:54 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/09/16 01:14:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/16 01:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/10 18:56:42 | 00,884,736 | ---- | C] () -- C:\WINDOWS\System32\HDX4MediaConverter.dll
[2008/06/20 20:39:36 | 00,000,030 | -H-- | C] () -- C:\WINDOWS\~mem001.sys
[2008/06/20 20:39:36 | 00,000,014 | ---- | C] () -- C:\WINDOWS\mm.sys
[2007/12/05 21:03:44 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2007/11/19 19:36:22 | 00,000,887 | ---- | C] () -- C:\WINDOWS\cPVAS.INI
[2007/10/18 16:40:12 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/10/15 15:59:17 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2007/07/13 20:14:12 | 00,000,135 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\fusioncache.dat
[2007/06/25 13:45:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007/05/03 12:36:37 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Application Data\pcouffin.log
[2007/05/03 12:36:30 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Application Data\ezpinst.exe
[2007/05/03 12:36:30 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Application Data\pcouffin.inf
[2007/05/03 12:36:30 | 00,001,074 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Application Data\pcouffin.cat
[2007/04/12 10:01:20 | 00,000,100 | ---- | C] () -- C:\WINDOWS\COSYPRN1.INI
[2007/04/08 12:36:14 | 00,000,164 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/02/26 21:41:29 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/02/15 08:37:41 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2007/02/10 17:44:03 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/03 20:51:39 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/01/31 13:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2006/12/31 19:52:15 | 00,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/12/29 23:19:32 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/16 13:06:32 | 01,256,895 | ---- | C] () -- C:\Program Files\wrar341fr.exe
[2006/12/16 13:06:32 | 00,000,405 | ---- | C] () -- C:\Program Files\lipsheim.txt
[2006/12/10 19:25:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/12/10 01:59:57 | 01,138,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/12/10 01:59:57 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/12/10 01:59:55 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/12/10 01:59:55 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/12/10 00:55:43 | 00,190,976 | ---- | C] () -- C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/09 12:30:45 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/03/02 13:00:00 | 00,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004624_.tmp.dll
[2006/03/02 13:00:00 | 00,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004592_.tmp.dll
[2005/12/09 20:06:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/09 20:06:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/09 20:06:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/09 20:06:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/09 20:06:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/09 20:06:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/12/09 20:06:00 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/12/07 11:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/03/14 14:38:28 | 00,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/04/09 14:16:08 | 07,602,176 | ---- | C] () -- C:\WINDOWS\System32\vaesaver.dll
[1998/09/14 20:43:16 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TWAIN32d.dll

========== LOP Check ==========

[2006/12/16 12:38:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
[2009/02/07 21:58:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2006/12/10 19:02:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2007/10/18 16:31:30 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/01/07 09:55:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2009/09/30 17:35:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ciel
[2009/07/07 11:26:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CutList Plus
[2007/02/16 21:29:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2008/10/12 19:41:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/03/30 19:56:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/12/15 20:59:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2007/04/18 12:59:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mpDRM
[2007/02/16 23:24:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2006/12/24 17:23:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007/10/18 16:40:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/06/25 13:17:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2010/01/08 18:21:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/12 19:41:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/12/24 20:55:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/09/30 11:15:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/02 12:53:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/12/02 22:14:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\abelhadigital.com
[2009/11/03 12:07:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\ACAMPREF
[2007/12/28 21:10:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\AlauxSoft
[2008/09/10 18:57:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Ashampoo
[2009/02/07 21:56:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\BitDefender
[2008/03/24 13:09:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Canon
[2007/04/07 20:15:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Copernic
[2009/07/09 06:14:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\CutList Plus
[2007/02/16 23:02:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Datalayer
[2008/07/27 19:06:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Dr. DivX 2.0 OSS
[2010/01/06 22:10:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\FileZilla
[2008/12/02 19:34:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\FinalBurner .ISO
[2008/12/13 22:57:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\FinalBurner Copy
[2008/12/13 22:57:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\FinalBurner WMVHD
[2010/01/05 17:04:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\FreeFixer
[2008/02/16 13:08:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Leadertech
[2009/09/13 18:41:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\LimeWire
[2008/10/12 19:41:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Nikon
[2008/09/25 19:40:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Nokia
[2009/03/30 20:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Nokia Multimedia Player
[2008/10/20 09:42:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\OpenOffice.org
[2007/05/04 18:27:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\PC Suite
[2007/05/01 21:27:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Pegasys Inc
[2007/10/18 16:40:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\ScanSoft
[2007/07/19 11:50:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\SpamPal
[2009/06/28 20:39:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\StarOffice8
[2007/06/25 13:22:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Teleca
[2010/01/06 19:20:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Thunderbird
[2009/12/01 18:57:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Uniblue
[2009/07/07 11:21:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Unigraphics Solutions
[2008/11/11 21:15:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\Vso
[2006/12/31 17:56:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\XnView
[2007/09/05 19:54:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PROPRIETAIRE\Application Data\yoclient
[2009/05/02 15:41:58 | 00,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\NSSstub.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
<End>


The PC is no longer slowed down, and it seems to me that the svchost or vsserv processes that were using a lot of CPU are less intrusive.

Can I put Teatimer back into service?

Thank you for your help.
ducateric
 

Post by nickW » 09 Jan 2010, 23:53

Good evening,

A quick check: can you request an online analysis, by several antivirus engines, of the file C:\lh0nschg.exe

Step 1: Show all files
Check that your PC is displaying all files
http://assiste.com.free.fr/p/comment/co ... aches.html

Step 2: VirusTotal
Go to http://www.virustotal.com/fr/ - Note: JavaScript must be enabled.

Under "Envoyer un fichier" (Send a file), click the "Parcourir" (Browse) button.
In the "Envoi du fichier" (File upload) window, navigate to the C:\ folder (root of the system disk), then select the file lh0nschg.exe and click the "Ouvrir" (Open) button.

The file is sent. If Virustotal reports that the file has already been analysed, click the "Reanalyse le fichier maintenant" (Reanalyse the file now) button.

The analysis may be placed in a queue (if many analysis requests are in progress). In that case, wait, without refreshing the page.

Let the analysis run for as long as the message "en cours d'analyse" (analysis in progress) is displayed.

When the analysis is finished ("Situation actuelle: terminé" is displayed), click "Formaté" (Formatted), located just below the "Fichier... reçu le... - Résultat..." box.

A new browser window opens. Click the second image from the left.

Right-click on the page and choose "Sélectionner tout" (Select all), then right-click again and choose "Copier" (Copy).

Come back to the forum, to your topic, click the "Répondre" (Reply) button, then paste the Virustotal result into the new message.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log-analysis requests by PM (private message)
nickW
Moderator
 

virustotal

Post by ducateric » 10 Jan 2010, 09:21

Hello,

Thanks for the reply.

Since the "format" button did not work (I reinstalled the updated Java platform for Firefox, with no result), I copied and pasted the VirusTotal result from the screen.

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.48 2010.01.10 -
AhnLab-V3 5.0.0.2 2010.01.10 -
AntiVir 7.9.1.130 2010.01.08 -
Antiy-AVL 2.0.3.7 2010.01.08 -
Authentium 5.2.0.5 2010.01.09 -
Avast 4.8.1351.0 2010.01.10 -
AVG 8.5.0.430 2010.01.04 -
BitDefender 7.2 2010.01.10 -
CAT-QuickHeal 10.00 2010.01.09 -
ClamAV 0.94.1 2010.01.09 -
Comodo 3514 2010.01.08 -
DrWeb 5.0.1.12222 2010.01.10 -
eSafe 7.0.17.0 2010.01.07 -
eTrust-Vet 35.2.7226 2010.01.08 -
F-Prot 4.5.1.85 2010.01.09 -
F-Secure 9.0.15370.0 2010.01.10 -
Fortinet 4.0.14.0 2010.01.09 -
GData 19 2010.01.10 -
Ikarus T3.1.1.80.0 2010.01.10 -
Jiangmin 13.0.900 2010.01.10 -
K7AntiVirus 7.10.943 2010.01.09 -
Kaspersky 7.0.0.125 2010.01.10 -
McAfee 5856 2010.01.09 -
McAfee+Artemis 5856 2010.01.09 Artemis!F80F6E09E7F4
McAfee-GW-Edition 6.8.5 2010.01.09 -
Microsoft 1.5302 2010.01.10 -
NOD32 4757 2010.01.09 -
Norman 6.04.03 2010.01.09 -
nProtect 2009.1.8.0 2010.01.10 -
Panda 10.0.2.2 2010.01.09 -
PCTools 7.0.3.5 2010.01.10 -
Prevx 3.0 2010.01.10 -
Rising 22.29.06.03 2010.01.10 -
Sophos 4.49.0 2010.01.10 -
Sunbelt 3.2.1858.2 2010.01.09 -
Symantec 20091.2.0.41 2010.01.10 -
TheHacker 6.5.0.3.145 2010.01.10 -
TrendMicro 9.120.0.1004 2010.01.10 -
VBA32 3.12.12.1 2010.01.09 -
ViRobot 2010.1.8.2128 2010.01.08 -
VirusBuster 5.0.21.0 2010.01.09 -
Information additionnelle
File size: 293376 bytes
MD5 : f80f6e09e7f4bafe478ca0da6137e1e2
SHA1 : 719082766cf4f60c8bdaa2b2c9f6967ecbcf8722
SHA256: 682fd0d13d7caf4b17a1eb9bafa0a3c3598139bb3623d3f5fba3bfbd0a6d424a
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xB3F40
timedatestamp.....: 0x4B2763F0 (Tue Dec 15 11:24:48 2009)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x6D000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x6E000 0x47000 0x46200 7.93 7b777c30b7f75e5eb654691bb1616dcb
.rsrc 0xB5000 0x2000 0x1400 3.38 710fb4291f153e98a3a03f3473b8bfd6

( 1 imports )

> kernel32.dll: LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess

( 0 exports )
TrID : File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
ssdeep: 6144:Uwbg2xeuJgWM/S1tm/xCIoQPJVZCzw5bEPb3cV9iYpTkyTFHS2:Uw82IZWM61tUXRd9IPb3cVZkyp/
PEiD : -
packers (Kaspersky): PE_Patch.UPX, UPX, PE_Patch
packers (F-Prot): UPX
RDS : NSRL Reference Data Set
-

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There is no guarantee as to the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee that a file is harmless. There is currently no solution that offers a 100% effectiveness rate for detecting viruses and malware.

Hoping that this is usable.
ducateric
 