Demande d'analyse...

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

Demande d'analyse...

Messagede alfadelta » 02 Fév 2010, 10:51

Bonjour,
Voici mes symptômes :
- Il me semble que ma connexion internet (et le pc aussi à vrai dire) est très très lente. Mon Pc est assez vieux, et ma connexion ADSL est non dégroupé, dans la montagne, mais je trouve une différence avec "AVANT". Je soupçonne des virus. Avira en a trouvé un Mais se pourrait-il qu'il y en ait d'autres?
- Par moment impossible d'ouvrir une page firefox (il me dit "firefox est déjà en cours d'utilisation", alors que non) et au démarrage suivant il restaure la session précédente!
- Parfois le PC est occupé par je ne sais quoi!
Merci d'avance.
Rapport Malware:
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3671
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

01/02/2010 11:26:21
mbam-log-2010-02-01 (11-26-21).txt

Type de recherche: Examen rapide
Eléments examinés: 118105
Temps écoulé: 10 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
alfadelta
 
Messages: 7
Inscription: 29 Jan 2010, 21:45

Demande d'analyse... (suite)

Messagede alfadelta » 02 Fév 2010, 10:54

Voici les rapports OTL.
OTL Extras logfile created on: 01/02/2010 11:57:32 - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Andre\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

255,00 Mb Total Physical Memory | 68,00 Mb Available Physical Memory | 27,00% Memory free
625,00 Mb Paging File | 209,00 Mb Available in Paging File | 33,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 61,70 Gb Free Space | 78,97% Space Free | Partition Type: NTFS
Drive D: | 18,62 Gb Total Space | 14,17 Gb Free Space | 76,10% Space Free | Partition Type: NTFS
Drive E: | 38,33 Gb Total Space | 3,86 Gb Free Space | 10,06% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 154,76 Gb Total Space | 152,59 Gb Free Space | 98,60% Space Free | Partition Type: NTFS
Drive H: | 3,84 Gb Total Space | 0,51 Gb Free Space | 13,30% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: ANDRE
Current User Name: Andre
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"2452:TCP" = 2452:TCP:*:Enabled:eivsegjv

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\d4time\D4.exe" = C:\Program Files\d4time\D4.exe:*:Enabled:Dimension 4 -- (Thinking Man Software)
"C:\Program Files\ICQ\Icq.exe" = C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ -- (ICQ Inc.)
"C:\Program Files\wincmd\WINCMD32.EXE" = C:\Program Files\wincmd\WINCMD32.EXE:*:Enabled:Windows Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1036-7B44-A92000000001}" = Adobe Reader 9.2 - Français
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Outil de mise à jour Google
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"PicturesToExe" = PicturesToExe
"PoiEdit" = PoiEdit
"TomTom HOME" = TomTom HOME 2.7.3.1894
"VLC media player" = VLC media player 1.0.2
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/01/2010 04:33:34 | Computer Name = ANDRE | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.

Error - 21/01/2010 11:21:50 | Computer Name = ANDRE | Source = Application Error | ID = 1000
Description = Application défaillante explorer.exe, version 6.0.2900.2180, module
défaillant medialibrarynse.dll, version 1.5.13.0, adresse de défaillance 0x000103f1.

Error - 21/01/2010 14:03:44 | Computer Name = ANDRE | Source = Application Error | ID = 1000
Description = Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant
dbghelp.dll, version 5.1.2600.2180, adresse de défaillance 0x0001295d.

Error - 29/01/2010 05:08:43 | Computer Name = ANDRE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.


Error - 29/01/2010 15:59:48 | Computer Name = ANDRE | Source = crypt32 | ID = 131083
Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
CAB de mise à jour automatique à : <http>
avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
la vérification par rapport à l'horloge système en cours ou le tampon daté dans
le fichier signé.

Error - 29/01/2010 15:59:49 | Computer Name = ANDRE | Source = crypt32 | ID = 131083
Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
CAB de mise à jour automatique à : <http>
avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
la vérification par rapport à l'horloge système en cours ou le tampon daté dans
le fichier signé.

Error - 29/01/2010 16:00:04 | Computer Name = ANDRE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.


Error - 29/01/2010 16:02:00 | Computer Name = ANDRE | Source = crypt32 | ID = 131083
Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
CAB de mise à jour automatique à : <http>
avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
la vérification par rapport à l'horloge système en cours ou le tampon daté dans
le fichier signé.

Error - 29/01/2010 16:02:15 | Computer Name = ANDRE | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http>
avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.


Error - 29/01/2010 16:02:21 | Computer Name = ANDRE | Source = crypt32 | ID = 131083
Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
CAB de mise à jour automatique à : <http>
avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
la vérification par rapport à l'horloge système en cours ou le tampon daté dans
le fichier signé.

[ System Events ]
Error - 30/01/2010 13:58:50 | Computer Name = ANDRE | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service BITS
avec les arguments "" pour démarrer le serveur : {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 01/02/2010 05:24:21 | Computer Name = ANDRE | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
TrueVector Internet Monitor.

Error - 01/02/2010 05:24:21 | Computer Name = ANDRE | Source = Service Control Manager | ID = 7000
Description = Le service TrueVector Internet Monitor n'a pas pu démarrer en raison
de l'erreur : %%1053

Error - 01/02/2010 05:24:21 | Computer Name = ANDRE | Source = Service Control Manager | ID = 7000
Description = Le service Pinnacle WDM PCTV Video Capture n'a pas pu démarrer en
raison de l'erreur : %%2

Error - 01/02/2010 05:24:21 | Computer Name = ANDRE | Source = Service Control Manager | ID = 7023
Description = Le service Monitor Microsoft s'est arrêté avec l'erreur : %%126

Error - 01/02/2010 05:25:34 | Computer Name = ANDRE | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service BITS
avec les arguments "" pour démarrer le serveur : {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 01/02/2010 05:26:46 | Computer Name = ANDRE | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
Google Software Updater.

Error - 01/02/2010 05:26:46 | Computer Name = ANDRE | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1053" lors de la mise en route du service gusvc
avec les arguments "" pour démarrer le serveur : {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 01/02/2010 05:34:32 | Computer Name = ANDRE | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service BITS
avec les arguments "" pour démarrer le serveur : {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 01/02/2010 06:29:59 | Computer Name = ANDRE | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service BITS
avec les arguments "" pour démarrer le serveur : {4991D34B-80A1-4291-83B6-3328366B9097}


<End>

_______________________________________________

OTL logfile created on: 01/02/2010 11:57:31 - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Andre\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

255,00 Mb Total Physical Memory | 68,00 Mb Available Physical Memory | 27,00% Memory free
625,00 Mb Paging File | 209,00 Mb Available in Paging File | 33,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 61,70 Gb Free Space | 78,97% Space Free | Partition Type: NTFS
Drive D: | 18,62 Gb Total Space | 14,17 Gb Free Space | 76,10% Space Free | Partition Type: NTFS
Drive E: | 38,33 Gb Total Space | 3,86 Gb Free Space | 10,06% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 154,76 Gb Total Space | 152,59 Gb Free Space | 98,60% Space Free | Partition Type: NTFS
Drive H: | 3,84 Gb Total Space | 0,51 Gb Free Space | 13,30% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: ANDRE
Current User Name: Andre
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/29 21:49:32 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andre\Bureau\OTL.exe
PRC - [2010/01/15 08:15:41 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/15 08:15:40 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/12/04 16:36:20 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/12/04 16:34:52 | 01,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/11/13 12:31:14 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/13 12:31:12 | 00,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/10/27 16:58:58 | 00,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/10/27 16:58:48 | 00,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/21 17:33:06 | 00,208,616 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
PRC - [2009/03/02 13:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/08/04 00:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/03/30 09:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/03/30 16:30:16 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/12/23 17:05:20 | 00,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 17:04:42 | 00,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/12/23 16:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
PRC - [2006/11/30 16:06:28 | 02,486,272 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.1\program\soffice.bin
PRC - [2006/11/30 16:06:18 | 02,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
PRC - [2006/11/23 14:10:42 | 00,056,928 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2006/11/13 13:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:06:52 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/11/10 15:19:32 | 01,051,648 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2006/11/10 15:18:42 | 00,859,136 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2006/10/19 12:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2006/09/22 03:01:00 | 00,139,264 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIBIE.EXE
PRC - [2006/03/17 09:30:26 | 00,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
PRC - [2006/02/22 04:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/02/21 20:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/08/07 13:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2004/08/19 15:10:00 | 00,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2004/08/19 15:09:54 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/10/24 09:47:42 | 00,118,784 | ---- | M] (OLITEC) -- C:\OLIFAXVX\TOOLBAR.EXE
PRC - [2001/03/15 04:18:18 | 00,049,254 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe


========== Modules (SafeList) ==========

MOD - [2010/01/29 21:49:32 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andre\Bureau\OTL.exe
MOD - [2009/10/27 16:59:06 | 00,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2008/07/29 20:22:12 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll
MOD - [2008/07/29 20:22:08 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll
MOD - [2006/12/01 21:54:34 | 00,548,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
MOD - [2006/12/01 21:54:32 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
MOD - [2004/08/19 15:07:58 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/15 08:15:41 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/01/15 08:15:40 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/12/04 16:36:20 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/11/13 12:31:14 | 00,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/10/27 16:58:58 | 00,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/21 17:33:06 | 00,208,616 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP)
SRV - [2009/04/18 09:15:41 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/01/05 12:41:10 | 00,774,144 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/12/23 16:54:04 | 00,262,144 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/11/10 15:18:42 | 00,859,136 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2006/10/19 12:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/05/09 17:24:54 | 00,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2006/02/22 04:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/02/21 20:05:00 | 00,520,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2005/08/07 13:54:00 | 00,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)


========== Driver Services (SafeList) ==========

DRV - [2010/01/15 08:15:42 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/15 08:15:42 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/04 16:34:56 | 00,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/10/27 16:58:32 | 00,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/03/30 10:32:47 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:34:33 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/02/05 20:59:26 | 00,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/02/05 20:59:03 | 00,213,520 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2008/07/31 23:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/07/21 18:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/04/30 18:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/11/10 15:17:50 | 00,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2006/11/10 15:16:34 | 00,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2006/11/10 15:15:44 | 00,102,912 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/11/06 17:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006/05/09 16:50:56 | 00,034,944 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/02/22 04:46:26 | 01,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/02/14 01:00:00 | 00,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\K!TV\Plugins\S_Bt8x8\DSDrv4.sys -- (DSDrv4)
DRV - [2004/08/03 22:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 21:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/03 21:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2002/11/11 18:52:54 | 00,006,400 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctvvbi.sys -- (pctvvbi)
DRV - [2002/11/01 10:11:20 | 00,451,599 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda)
DRV - [2002/09/16 17:07:24 | 00,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002/06/17 13:09:56 | 00,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2001/08/28 13:00:00 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2001/08/28 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [1998/02/25 23:27:02 | 00,022,688 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PPSIO.SYS -- (ppsio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = andre.dubant.free.fr
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://andre.dubant.free.fr/
IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\S-1-5-21-1960408961-1767777339-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\S-1-5-21-1960408961-1767777339-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\S-1-5-21-1960408961-1767777339-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.13.1.5:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CPROGRAM%20FILES%5CMOZILLA.ORG%5CMOZILLA%5Csearchplugins%5Cgooglefr.src"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.29
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/01/15 08:57:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/27 16:39:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/23 21:03:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/12/01 14:00:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/01/13 23:11:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\Mozilla\Extensions
[2010/01/13 23:11:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/02/01 10:51:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\3g97cwj8.default\extensions
[2009/10/20 17:02:27 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\3g97cwj8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/02/24 23:49:06 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\3g97cwj8.default\searchplugins\winamp-search.xml
[2010/02/01 10:51:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/16 02:10:07 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/16 02:10:07 | 00,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/16 02:10:07 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/16 02:10:07 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/16 02:10:07 | 00,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2008/11/08 18:36:33 | 00,290,933 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10016 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [Dimension4] C:\Program Files\d4time\D4.exe (Thinking Man Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [\\PC_NADOU\EPSON Stylus DX6000 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [Auto EPSON Stylus DX6000 Series (Copie 1) sur PC_NADOU] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [Auto EPSON Stylus DX6000 Series sur PC_NADOU] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Andre\Menu Démarrer\Programmes\Démarrage\Barre d'Outils Olitec.lnk = C:\OLIFAXVX\TOOLBAR.EXE (OLITEC)
O4 - Startup: C:\Documents and Settings\Andre\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Andre\Menu Démarrer\Programmes\Démarrage\Moniteur Fax-Voix.lnk = C:\OLIFAXVX\MONITEUR.EXE ()
O4 - Startup: C:\Documents and Settings\Andre\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\..Trusted Domains: ([]msn in Poste de travail)
O15 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/05 12:06:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/11/02 19:02:52 | 00,000,000 | ---D | M] - H:\auto -- [ FAT32 ]
O33 - MountPoints2\{3b0465f7-5656-11de-8d9d-000b6a271107}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/04/05 12:05:29 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/01/29 22:08:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/29 22:05:50 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/29 22:02:11 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Andre\Bureau\erunt-setup.exe
[2010/01/29 21:57:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\Malwarebytes
[2010/01/29 21:57:29 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/29 21:57:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/29 21:57:14 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/29 21:57:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/29 21:50:07 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andre\Bureau\mbam-setup.exe
[2010/01/29 21:49:27 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andre\Bureau\OTL.exe
[2010/01/29 21:12:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/19 18:57:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\dvdcss
[2010/01/15 08:30:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Mes documents\ForceField Shared Files
[2010/01/15 08:30:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\CheckPoint
[2010/01/15 08:28:51 | 00,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/01/15 08:28:16 | 00,046,472 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsutil_loc040c.dll
[2010/01/15 08:28:08 | 00,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010/01/15 08:27:57 | 00,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010/01/15 08:27:55 | 00,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010/01/15 08:26:49 | 00,041,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010/01/15 08:26:42 | 01,238,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010/01/15 08:26:41 | 00,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010/01/15 08:26:36 | 00,299,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010/01/15 08:26:35 | 00,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010/01/15 08:26:02 | 00,486,280 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010/01/15 08:25:01 | 00,112,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010/01/15 08:24:59 | 00,621,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010/01/15 08:24:59 | 00,227,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010/01/15 08:20:03 | 00,713,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sxs.dll
[2010/01/15 08:20:00 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/01/14 17:05:00 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/01/14 17:04:59 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/01/14 17:04:59 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/01/14 17:04:59 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/01/14 17:04:18 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/01/13 23:11:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Local Settings\Application Data\TomTom
[2010/01/13 23:11:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\TomTom
[2010/01/13 23:10:32 | 00,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/01/13 23:09:09 | 00,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2010/01/03 14:47:57 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/03 14:47:57 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/03 14:47:56 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/02/16 18:39:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/05/12 21:18:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/04/05 12:58:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/04/05 12:14:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/04/05 12:05:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/04/05 12:05:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/02/01 11:00:27 | 08,912,896 | -H-- | M] () -- C:\Documents and Settings\Andre\NTUSER.DAT
[2010/02/01 10:25:35 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/01 10:23:54 | 00,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/01 10:22:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/01 10:22:12 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/01 10:22:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/30 22:58:07 | 00,589,856 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/01/30 22:58:07 | 00,035,776 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/01/30 22:58:07 | 00,007,288 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/01/30 22:58:06 | 03,770,400 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/01/30 22:57:22 | 00,000,184 | -HS- | M] () -- C:\Documents and Settings\Andre\ntuser.ini
[2010/01/29 22:08:23 | 00,005,024 | ---- | M] () -- C:\Documents and Settings\Andre\Bureau\erunt-loc_fr.zip
[2010/01/29 22:06:01 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Andre\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/01/29 22:05:56 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Andre\Bureau\NTREGOPT.lnk
[2010/01/29 22:05:56 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Andre\Bureau\ERUNT.lnk
[2010/01/29 22:02:31 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Andre\Bureau\erunt-setup.exe
[2010/01/29 21:57:35 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/01/29 21:51:52 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andre\Bureau\mbam-setup.exe
[2010/01/29 21:49:32 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andre\Bureau\OTL.exe
[2010/01/29 21:42:30 | 00,005,718 | ---- | M] () -- C:\WINDOWS\UEDIT32.INI
[2010/01/29 21:12:32 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Andre\Bureau\HijackThis.lnk
[2010/01/29 20:50:09 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Andre\Local Settings\Application Data\housecall.guid.cache
[2010/01/26 18:37:50 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/23 21:03:25 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/01/21 10:56:40 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/21 10:06:02 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/01/15 08:31:39 | 00,428,416 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/01/15 08:28:34 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/01/15 08:28:32 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\Andre\Bureau\ZoneAlarm Security.lnk
[2010/01/15 08:21:26 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/15 08:15:42 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/01/15 08:15:42 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/01/14 17:05:35 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2010/01/12 10:58:51 | 00,000,378 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/01/29 22:06:01 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Andre\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/01/29 22:05:56 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Andre\Bureau\NTREGOPT.lnk
[2010/01/29 22:05:56 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Andre\Bureau\ERUNT.lnk
[2010/01/29 22:04:09 | 00,005,024 | ---- | C] () -- C:\Documents and Settings\Andre\Bureau\erunt-loc_fr.zip
[2010/01/29 21:57:35 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/01/29 21:12:32 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Andre\Bureau\HijackThis.lnk
[2010/01/29 20:50:09 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Andre\Local Settings\Application Data\housecall.guid.cache
[2010/01/21 10:06:02 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/01/21 10:06:01 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/01/15 08:28:32 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\Andre\Bureau\ZoneAlarm Security.lnk
[2010/01/15 08:26:02 | 00,428,416 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/01/14 17:05:33 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2008/09/29 21:32:16 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008/06/03 20:05:16 | 00,000,868 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2007/11/07 21:17:32 | 00,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2007/05/26 13:56:03 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Andre\Application Data\$_hpcst$.hpc
[2007/05/04 09:32:29 | 00,000,031 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/03/13 18:42:42 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDER300Euro.ini
[2007/02/13 18:11:43 | 00,000,096 | ---- | C] () -- C:\WINDOWS\jascreg.ini
[2007/02/13 18:11:07 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2006/10/25 18:50:52 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/10/09 16:49:25 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE V10V100V350EFGD.ini
[2006/09/15 16:02:35 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Andre\Local Settings\Application Data\fusioncache.dat
[2006/09/08 17:07:49 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/09/08 17:07:49 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/09/08 17:07:12 | 00,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2006/09/08 17:07:11 | 00,2
alfadelta
 
Messages: 7
Inscription: 29 Jan 2010, 21:45

Messagede nickW » 04 Fév 2010, 00:17

Bonsoir,

Première remarque:
Il y a deux antivirus actifs (Avira AntiVir Personal et Kaspersky Anti-Virus 2009) : ils se gênent l'un l'autre.
Il faut en désactiver/désinstaller un!

Pour désinstaller Kaspersky Anti-Virus 2009, voir:
http://support.kaspersky.com/fr/faq/?qid=208279744
http://support.kaspersky.com/fr/faq/?qid=208279463

Pour désinstaller Avira AntiVir Personal, voir:
http://www.avira.com/fr/support/faqdetails.php?id=88
Avira RegistryCleaner: http://www.avira.com/fr/support/support ... ments.html


Seconde remarque:
Comme tu as envoyé les deux rapports d'analyse de OTL dans le même message, le second est incomplet.
Peux-tu renvoyer le rapport principal (contenu du fichier OTL.Txt)?


A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Demande d'analyse suite.

Messagede alfadelta » 05 Fév 2010, 12:05

Merci. J'ai supprimé Kapsersky. Et voici OTL complet.

OTL logfile created on: 01/02/2010 11:57:31 - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Andre\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

255,00 Mb Total Physical Memory | 68,00 Mb Available Physical Memory | 27,00% Memory free
625,00 Mb Paging File | 209,00 Mb Available in Paging File | 33,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 61,70 Gb Free Space | 78,97% Space Free | Partition Type: NTFS
Drive D: | 18,62 Gb Total Space | 14,17 Gb Free Space | 76,10% Space Free | Partition Type: NTFS
Drive E: | 38,33 Gb Total Space | 3,86 Gb Free Space | 10,06% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 154,76 Gb Total Space | 152,59 Gb Free Space | 98,60% Space Free | Partition Type: NTFS
Drive H: | 3,84 Gb Total Space | 0,51 Gb Free Space | 13,30% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: ANDRE
Current User Name: Andre
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/29 21:49:32 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andre\Bureau\OTL.exe
PRC - [2010/01/15 08:15:41 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/15 08:15:40 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/12/04 16:36:20 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/12/04 16:34:52 | 01,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/11/13 12:31:14 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/13 12:31:12 | 00,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/10/27 16:58:58 | 00,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/10/27 16:58:48 | 00,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/21 17:33:06 | 00,208,616 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
PRC - [2009/03/02 13:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/08/04 00:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/03/30 09:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/03/30 16:30:16 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/12/23 17:05:20 | 00,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 17:04:42 | 00,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/12/23 16:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
PRC - [2006/11/30 16:06:28 | 02,486,272 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.1\program\soffice.bin
PRC - [2006/11/30 16:06:18 | 02,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
PRC - [2006/11/23 14:10:42 | 00,056,928 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2006/11/13 13:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:06:52 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/11/10 15:19:32 | 01,051,648 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2006/11/10 15:18:42 | 00,859,136 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2006/10/19 12:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2006/09/22 03:01:00 | 00,139,264 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIBIE.EXE
PRC - [2006/03/17 09:30:26 | 00,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
PRC - [2006/02/22 04:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/02/21 20:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/08/07 13:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2004/08/19 15:10:00 | 00,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2004/08/19 15:09:54 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/10/24 09:47:42 | 00,118,784 | ---- | M] (OLITEC) -- C:\OLIFAXVX\TOOLBAR.EXE
PRC - [2001/03/15 04:18:18 | 00,049,254 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe


========== Modules (SafeList) ==========

MOD - [2010/01/29 21:49:32 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andre\Bureau\OTL.exe
MOD - [2009/10/27 16:59:06 | 00,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2008/07/29 20:22:12 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll
MOD - [2008/07/29 20:22:08 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll
MOD - [2006/12/01 21:54:34 | 00,548,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
MOD - [2006/12/01 21:54:32 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
MOD - [2004/08/19 15:07:58 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/15 08:15:41 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/01/15 08:15:40 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/12/04 16:36:20 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/11/13 12:31:14 | 00,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/10/27 16:58:58 | 00,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/21 17:33:06 | 00,208,616 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP)
SRV - [2009/04/18 09:15:41 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/01/05 12:41:10 | 00,774,144 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/12/23 16:54:04 | 00,262,144 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/11/10 15:18:42 | 00,859,136 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2006/10/19 12:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/05/09 17:24:54 | 00,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2006/02/22 04:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/02/21 20:05:00 | 00,520,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2005/08/07 13:54:00 | 00,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)


========== Driver Services (SafeList) ==========

DRV - [2010/01/15 08:15:42 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/15 08:15:42 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/04 16:34:56 | 00,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/10/27 16:58:32 | 00,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/03/30 10:32:47 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:34:33 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/02/05 20:59:26 | 00,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/02/05 20:59:03 | 00,213,520 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2008/07/31 23:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/07/21 18:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/04/30 18:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/11/10 15:17:50 | 00,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2006/11/10 15:16:34 | 00,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2006/11/10 15:15:44 | 00,102,912 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/11/06 17:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006/05/09 16:50:56 | 00,034,944 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/02/22 04:46:26 | 01,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/02/14 01:00:00 | 00,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\K!TV\Plugins\S_Bt8x8\DSDrv4.sys -- (DSDrv4)
DRV - [2004/08/03 22:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 21:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/03 21:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2002/11/11 18:52:54 | 00,006,400 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctvvbi.sys -- (pctvvbi)
DRV - [2002/11/01 10:11:20 | 00,451,599 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda)
DRV - [2002/09/16 17:07:24 | 00,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002/06/17 13:09:56 | 00,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2001/08/28 13:00:00 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2001/08/28 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [1998/02/25 23:27:02 | 00,022,688 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PPSIO.SYS -- (ppsio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = andre.dubant.free.fr
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://andre.dubant.free.fr/
IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\S-1-5-21-1960408961-1767777339-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\S-1-5-21-1960408961-1767777339-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\S-1-5-21-1960408961-1767777339-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.13.1.5:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CPROGRAM%20FILES%5CMOZILLA.ORG%5CMOZILLA%5Csearchplugins%5Cgooglefr.src"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.29
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/01/15 08:57:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/27 16:39:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/23 21:03:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/12/01 14:00:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/01/13 23:11:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\Mozilla\Extensions
[2010/01/13 23:11:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/02/01 10:51:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\3g97cwj8.default\extensions
[2009/10/20 17:02:27 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\3g97cwj8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/02/24 23:49:06 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\3g97cwj8.default\searchplugins\winamp-search.xml
[2010/02/01 10:51:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/16 02:10:07 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/16 02:10:07 | 00,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/16 02:10:07 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/16 02:10:07 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/16 02:10:07 | 00,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2008/11/08 18:36:33 | 00,290,933 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10016 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [Dimension4] C:\Program Files\d4time\D4.exe (Thinking Man Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [\\PC_NADOU\EPSON Stylus DX6000 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [Auto EPSON Stylus DX6000 Series (Copie 1) sur PC_NADOU] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [Auto EPSON Stylus DX6000 Series sur PC_NADOU] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Andre\Menu Démarrer\Programmes\Démarrage\Barre d'Outils Olitec.lnk = C:\OLIFAXVX\TOOLBAR.EXE (OLITEC)
O4 - Startup: C:\Documents and Settings\Andre\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Andre\Menu Démarrer\Programmes\Démarrage\Moniteur Fax-Voix.lnk = C:\OLIFAXVX\MONITEUR.EXE ()
O4 - Startup: C:\Documents and Settings\Andre\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\..Trusted Domains: ([]msn in Poste de travail)
O15 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/05 12:06:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/11/02 19:02:52 | 00,000,000 | ---D | M] - H:\auto -- [ FAT32 ]
O33 - MountPoints2\{3b0465f7-5656-11de-8d9d-000b6a271107}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/04/05 12:05:29 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/01/29 22:08:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/29 22:05:50 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/29 22:02:11 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Andre\Bureau\erunt-setup.exe
[2010/01/29 21:57:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\Malwarebytes
[2010/01/29 21:57:29 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/29 21:57:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/29 21:57:14 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/29 21:57:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/29 21:50:07 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andre\Bureau\mbam-setup.exe
[2010/01/29 21:49:27 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andre\Bureau\OTL.exe
[2010/01/29 21:12:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/19 18:57:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\dvdcss
[2010/01/15 08:30:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Mes documents\ForceField Shared Files
[2010/01/15 08:30:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\CheckPoint
[2010/01/15 08:28:51 | 00,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/01/15 08:28:16 | 00,046,472 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsutil_loc040c.dll
[2010/01/15 08:28:08 | 00,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010/01/15 08:27:57 | 00,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010/01/15 08:27:55 | 00,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010/01/15 08:26:49 | 00,041,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010/01/15 08:26:42 | 01,238,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010/01/15 08:26:41 | 00,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010/01/15 08:26:36 | 00,299,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010/01/15 08:26:35 | 00,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010/01/15 08:26:02 | 00,486,280 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010/01/15 08:25:01 | 00,112,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010/01/15 08:24:59 | 00,621,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010/01/15 08:24:59 | 00,227,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010/01/15 08:20:03 | 00,713,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sxs.dll
[2010/01/15 08:20:00 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/01/14 17:05:00 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/01/14 17:04:59 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/01/14 17:04:59 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/01/14 17:04:59 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/01/14 17:04:18 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/01/13 23:11:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Local Settings\Application Data\TomTom
[2010/01/13 23:11:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\TomTom
[2010/01/13 23:10:32 | 00,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/01/13 23:09:09 | 00,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2010/01/03 14:47:57 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/03 14:47:57 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/03 14:47:56 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/02/16 18:39:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/05/12 21:18:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/04/05 12:58:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/04/05 12:14:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/04/05 12:05:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/04/05 12:05:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/02/01 11:00:27 | 08,912,896 | -H-- | M] () -- C:\Documents and Settings\Andre\NTUSER.DAT
[2010/02/01 10:25:35 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/01 10:23:54 | 00,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/01 10:22:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/01 10:22:12 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/01 10:22:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/30 22:58:07 | 00,589,856 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/01/30 22:58:07 | 00,035,776 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/01/30 22:58:07 | 00,007,288 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/01/30 22:58:06 | 03,770,400 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/01/30 22:57:22 | 00,000,184 | -HS- | M] () -- C:\Documents and Settings\Andre\ntuser.ini
[2010/01/29 22:08:23 | 00,005,024 | ---- | M] () -- C:\Documents and Settings\Andre\Bureau\erunt-loc_fr.zip
[2010/01/29 22:06:01 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Andre\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/01/29 22:05:56 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Andre\Bureau\NTREGOPT.lnk
[2010/01/29 22:05:56 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Andre\Bureau\ERUNT.lnk
[2010/01/29 22:02:31 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Andre\Bureau\erunt-setup.exe
[2010/01/29 21:57:35 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/01/29 21:51:52 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andre\Bureau\mbam-setup.exe
[2010/01/29 21:49:32 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andre\Bureau\OTL.exe
[2010/01/29 21:42:30 | 00,005,718 | ---- | M] () -- C:\WINDOWS\UEDIT32.INI
[2010/01/29 21:12:32 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Andre\Bureau\HijackThis.lnk
[2010/01/29 20:50:09 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Andre\Local Settings\Application Data\housecall.guid.cache
[2010/01/26 18:37:50 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/23 21:03:25 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/01/21 10:56:40 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/21 10:06:02 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/01/15 08:31:39 | 00,428,416 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/01/15 08:28:34 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/01/15 08:28:32 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\Andre\Bureau\ZoneAlarm Security.lnk
[2010/01/15 08:21:26 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/15 08:15:42 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/01/15 08:15:42 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/01/14 17:05:35 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2010/01/12 10:58:51 | 00,000,378 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/01/29 22:06:01 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Andre\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/01/29 22:05:56 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Andre\Bureau\NTREGOPT.lnk
[2010/01/29 22:05:56 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Andre\Bureau\ERUNT.lnk
[2010/01/29 22:04:09 | 00,005,024 | ---- | C] () -- C:\Documents and Settings\Andre\Bureau\erunt-loc_fr.zip
[2010/01/29 21:57:35 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/01/29 21:12:32 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Andre\Bureau\HijackThis.lnk
[2010/01/29 20:50:09 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Andre\Local Settings\Application Data\housecall.guid.cache
[2010/01/21 10:06:02 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/01/21 10:06:01 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/01/15 08:28:32 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\Andre\Bureau\ZoneAlarm Security.lnk
[2010/01/15 08:26:02 | 00,428,416 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/01/14 17:05:33 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2008/09/29 21:32:16 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008/06/03 20:05:16 | 00,000,868 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2007/11/07 21:17:32 | 00,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2007/05/26 13:56:03 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Andre\Application Data\$_hpcst$.hpc
[2007/05/04 09:32:29 | 00,000,031 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/03/13 18:42:42 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDER300Euro.ini
[2007/02/13 18:11:43 | 00,000,096 | ---- | C] () -- C:\WINDOWS\jascreg.ini
[2007/02/13 18:11:07 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2006/10/25 18:50:52 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/10/09 16:49:25 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE V10V100V350EFGD.ini
[2006/09/15 16:02:35 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Andre\Local Settings\Application Data\fusioncache.dat
[2006/09/08 17:07:49 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/09/08 17:07:49 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/09/08 17:07:12 | 00,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2006/09/08 17:07:11 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\LPNG.DLL
[2006/09/06 21:32:05 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2006/09/06 21:32:03 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2006/08/28 12:34:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TBRIDGE.INI
[2006/08/23 13:33:05 | 00,022,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\PPSIO.SYS
[2006/06/05 21:30:32 | 00,014,025 | ---- | C] () -- C:\WINDOWS\TWAINCAP.INI
[2006/06/05 17:30:40 | 00,001,466 | ---- | C] () -- C:\WINDOWS\VISITE.INI
[2006/06/05 08:58:57 | 00,000,008 | ---- | C] () -- C:\WINDOWS\MCONTROL.INI
[2006/06/05 08:58:54 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2006/06/05 08:58:54 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2006/06/05 08:58:54 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2006/06/05 08:58:54 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2006/06/05 08:58:54 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2006/05/28 18:10:27 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/09 17:25:58 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/04/19 22:21:08 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/04/17 20:42:27 | 00,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/09 17:33:16 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2006/04/09 17:33:16 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2006/04/09 17:33:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2006/04/09 17:31:55 | 00,002,546 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/04/09 17:31:52 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/04/09 15:56:59 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/04/09 13:16:11 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2006/04/06 23:20:33 | 00,000,423 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2006/04/06 23:06:04 | 00,000,378 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006/04/06 22:47:36 | 00,005,718 | ---- | C] () -- C:\WINDOWS\UEDIT32.INI
[2006/04/06 21:32:29 | 00,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2006/04/06 17:48:17 | 00,050,688 | ---- | C] () -- C:\Documents and Settings\Andre\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/05 12:46:47 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2001/10/28 16:42:30 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2001/08/28 13:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2006/12/18 11:52:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\EPSON
[2008/10/05 20:20:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Colormailer Photobooks
[2008/09/18 21:52:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2006/04/06 21:32:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2008/07/14 21:30:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/01/15 08:30:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\CheckPoint
[2006/10/25 18:50:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\EPSON
[2007/04/10 16:39:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\HTML Executable
[2008/06/03 20:06:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\ICQ
[2006/09/06 21:31:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\InterTrust
[2009/08/31 15:33:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\Leadertech
[2006/06/07 07:10:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\Nikon
[2006/04/08 09:33:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\PDFCreator
[2009/09/17 10:20:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\PicturesToExe
[2007/11/06 21:42:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\Thunderbird
[2009/02/24 19:39:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\Todae
[2010/01/13 23:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\TomTom
[2007/01/16 19:06:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>
[2001/05/24 11:59:30 | 00,162,304 | ---- | M] () -- C:\UNWISE.EXE


<MD5>
[2004/08/19 15:20:54 | 18,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/19 15:20:54 | 18,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2001/08/17 21:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 21:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS

<MD5>
[2004/08/19 15:20:54 | 18,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/19 15:20:54 | 18,782,711 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2001/08/28 13:00:00 | 00,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

<MD5>
[2001/08/28 13:00:00 | 00,047,616 | ---- | M] (Microsoft Corporation) MD5=21625DD16C2B397E3F69341E1D7E72BF -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/19 15:09:26 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/19 15:09:26 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2001/08/28 13:00:00 | 00,397,824 | ---- | M] (Microsoft Corporation) MD5=5C6CAFA21A45A3F51DB9C2B699D98D7B -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/19 15:09:38 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/19 15:09:38 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\system32\netlogon.dll

<MD5>
[2001/08/28 13:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=414426B3CCD8D9A2AADFB9A9A4538F66 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/19 15:09:40 | 00,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/19 15:09:40 | 00,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\system32\scecli.dll

<systemroot>

<systemroot>
[2004/08/19 14:52:22 | 00,070,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mmsystem.dll
[2001/08/28 13:00:00 | 00,005,120 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell.dll

<systemroot>
<End>
alfadelta
 
Messages: 7
Inscription: 29 Jan 2010, 21:45

Messagede nickW » 06 Fév 2010, 01:00

Bonsoir,

Pourrais-tu envoyer le rapport d'Avira ANtivir montrant le "virus" détecté?


Le PC n'est-il pas plus rapide avec un seul antivirus?


Pourrais-tu créer un nouveau rapport OTL:

Étape 1: OTL (de OldTimer), analyse
Fermer toutes les fenêtres de programme ouvertes.

Faire un double clic sur OTL.exe pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cocher (en haut) la case située devant Scan All Users:
Image

Puis cliquer sur le bouton Run Scan:
Image

Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Le second rapport est visible dans la Barre des tâches. Le fermer également.
Fermer la fenêtre de OTL.


Étape 2: Résultats
Envoyer en réponse:
*- le rapport principal de OTL (contenu du fichier OTL.Txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede alfadelta » 07 Fév 2010, 11:46

Voici le rapport d'Avira


Avira AntiVir Personal
Date de création du fichier de rapport : mercredi 20 janvier 2010 19:43

La recherche porte sur 1570785 souches de virus.

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows XP
Version de Windows : (Service Pack 2) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : ANDRE

Informations de version :
BUILD.DAT : 9.0.0.74 21698 Bytes 04/12/2009 13:56:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 15/01/2010 07:15:40
AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 10:21:02
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 11:35:11
LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 10:21:31
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 07:15:32
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 07:15:33
VBASE002.VDF : 7.10.1.1 2048 Bytes 19/11/2009 07:15:33
VBASE003.VDF : 7.10.1.2 2048 Bytes 19/11/2009 07:15:33
VBASE004.VDF : 7.10.1.3 2048 Bytes 19/11/2009 07:15:33
VBASE005.VDF : 7.10.1.4 2048 Bytes 19/11/2009 07:15:33
VBASE006.VDF : 7.10.1.5 2048 Bytes 19/11/2009 07:15:33
VBASE007.VDF : 7.10.1.6 2048 Bytes 19/11/2009 07:15:33
VBASE008.VDF : 7.10.1.7 2048 Bytes 19/11/2009 07:15:33
VBASE009.VDF : 7.10.1.8 2048 Bytes 19/11/2009 07:15:33
VBASE010.VDF : 7.10.1.9 2048 Bytes 19/11/2009 07:15:33
VBASE011.VDF : 7.10.1.10 2048 Bytes 19/11/2009 07:15:34
VBASE012.VDF : 7.10.1.11 2048 Bytes 19/11/2009 07:15:34
VBASE013.VDF : 7.10.1.79 209920 Bytes 25/11/2009 07:15:34
VBASE014.VDF : 7.10.1.128 197632 Bytes 30/11/2009 07:15:34
VBASE015.VDF : 7.10.1.178 195584 Bytes 07/12/2009 07:15:35
VBASE016.VDF : 7.10.1.224 183296 Bytes 14/12/2009 07:15:35
VBASE017.VDF : 7.10.1.247 182272 Bytes 15/12/2009 07:15:35
VBASE018.VDF : 7.10.2.30 198144 Bytes 21/12/2009 07:15:35
VBASE019.VDF : 7.10.2.63 187392 Bytes 24/12/2009 07:15:35
VBASE020.VDF : 7.10.2.93 195072 Bytes 29/12/2009 07:15:36
VBASE021.VDF : 7.10.2.131 201216 Bytes 07/01/2010 07:15:36
VBASE022.VDF : 7.10.2.158 192000 Bytes 11/01/2010 07:15:36
VBASE023.VDF : 7.10.2.186 200704 Bytes 14/01/2010 07:15:36
VBASE024.VDF : 7.10.2.205 201728 Bytes 15/01/2010 19:00:35
VBASE025.VDF : 7.10.2.219 158720 Bytes 18/01/2010 19:00:41
VBASE026.VDF : 7.10.2.230 173056 Bytes 19/01/2010 18:41:00
VBASE027.VDF : 7.10.2.231 2048 Bytes 19/01/2010 18:41:00
VBASE028.VDF : 7.10.2.232 2048 Bytes 19/01/2010 18:41:01
VBASE029.VDF : 7.10.2.233 2048 Bytes 19/01/2010 18:41:01
VBASE030.VDF : 7.10.2.234 2048 Bytes 19/01/2010 18:41:01
VBASE031.VDF : 7.10.2.239 75776 Bytes 19/01/2010 18:41:05
Version du moteur : 8.2.1.142
AEVDF.DLL : 8.1.1.2 106867 Bytes 15/01/2010 07:15:39
AESCRIPT.DLL : 8.1.3.7 594296 Bytes 15/01/2010 07:15:39
AESCN.DLL : 8.1.3.1 127348 Bytes 15/01/2010 07:15:39
AESBX.DLL : 8.1.1.1 246132 Bytes 15/01/2010 07:15:39
AERDL.DLL : 8.1.3.4 479605 Bytes 15/01/2010 07:15:39
AEPACK.DLL : 8.2.0.5 422262 Bytes 15/01/2010 07:15:38
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 15/01/2010 07:15:38
AEHEUR.DLL : 8.1.0.195 2232695 Bytes 15/01/2010 07:15:38
AEHELP.DLL : 8.1.10.0 237942 Bytes 15/01/2010 07:15:38
AEGEN.DLL : 8.1.1.83 369014 Bytes 15/01/2010 07:15:37
AEEMU.DLL : 8.1.1.0 393587 Bytes 15/01/2010 07:15:37
AECORE.DLL : 8.1.9.5 184693 Bytes 15/01/2010 07:15:37
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 14:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 08:47:30
AVPREF.DLL : 9.0.3.0 44289 Bytes 15/01/2010 07:15:40
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 14:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 15:24:42
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 15:05:22
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 10:36:37
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 15:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 08:20:57
NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 15:40:59
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/01/2010 07:15:21
RCTEXT.DLL : 9.0.73.0 88321 Bytes 15/01/2010 07:15:21

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:, D:, E:, G:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen

Début de la recherche : mercredi 20 janvier 2010 19:43

La recherche d'objets cachés commence.
'29639' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'ssstars.scr' - '1' module(s) sont contrôlés
Processus de recherche 'guardgui.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmiprvse.exe' - '1' module(s) sont contrôlés
Processus de recherche 'helpsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avnotify.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PicasaUpdater.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Picasa3.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Psp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'vsmon.exe' - '0' module(s) sont contrôlés
Processus de recherche 'soffice.bin' - '1' module(s) sont contrôlés
Processus de recherche 'NMIndexingService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'soffice.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ntvdm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AcroTray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'NMIndexStoreSvr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'rapimgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TomTomHOMERunner.exe' - '1' module(s) sont contrôlés
Processus de recherche 'E_FATIBIE.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'NMBgMonitor.exe' - '1' module(s) sont contrôlés
Processus de recherche 'GoogleToolbarNotifier.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wcescomm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'zlclient.exe' - '0' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winampa.exe' - '1' module(s) sont contrôlés
Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PDVDServ.exe' - '1' module(s) sont contrôlés
Processus de recherche 'InCD.exe' - '1' module(s) sont contrôlés
Processus de recherche 'EEventManager.exe' - '1' module(s) sont contrôlés
Processus de recherche 'atiptaxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wdfmgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TomTomHOMEService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RichVideo.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LSSrvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'InCDsrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ForceField.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ISWSVC.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'59' processus ont été contrôlés avec '59' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD2
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD3
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD4
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'D:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'E:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'G:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '60' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
Catched Exception ScanSearch in file C:\Documents and Settings\Andre\Mes documents\Mes images\Lightroom\Lightroom Previews.lrdata\A\A170\A170DFE3-9839-43F1-928D-9C43CE5AB3F0-514d8ee17112aeee3852fda5392a8ee8.lr-preview.noindex:
ACCESS_VIOLATION
EAX = 145A4FB2 EBX = 7C802442
ECX = CAB7E400 EDX = 02E2C008
ESI = 7C809C4C EDI = 7c802530
EIP = 00448AFF EBP = 01C0E0D4
ESP = 01C0E0BC Flg = 00010206
CS = 00000023 SS = 0000001B
C:\WINDOWS\system32\bnlkm.dll
[RESULTAT] Contient le modèle de détection du ver WORM/Conficker.Z.22
Recherche débutant dans 'D:\'
Recherche débutant dans 'E:\'
E:\tempo\GPS_PPC\OZIEXPLORER\OziExplorer 3.95.3f + Crack.rar
[0] Type d'archive: RAR
--> OziExplorer 3.95.3f (Crack).zip
[1] Type d'archive: ZIP
--> OziExpLOAD.exe
[RESULTAT] Contient le cheval de Troie TR/PSW.Banker3.QSL
E:\tempo\prog\zaSetup_91_007_004_fr.exe
[0] Type d'archive: ZIP SFX (self extracting)
--> SWITCHUNINST_33ZONE LABS.EXE
[1] Type d'archive: RSRC
--> WINDOWS6.0-KB929547-V2-X64.MSU
[1] Type d'archive: CAB (Microsoft)
--> Windows6.0-KB929547-v2-x64.cab
[AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.
Recherche débutant dans 'G:\'

Début de la désinfection :
C:\WINDOWS\system32\bnlkm.dll
[RESULTAT] Contient le modèle de détection du ver WORM/Conficker.Z.22
[AVERTISSEMENT] Erreur lors de la création d'une copie de sécurité du fichier. Le fichier n'a pas été supprimé. Code d'erreur : 26004
[AVERTISSEMENT] Impossible de trouver le fichier source.
[REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.
[AVERTISSEMENT] Erreur dans la bibliothèque ARK
[REMARQUE] Le fichier a été repéré pour une suppression après un redémarrage.
E:\tempo\GPS_PPC\OZIEXPLORER\OziExplorer 3.95.3f + Crack.rar
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4bc07d56.qua' !


Fin de la recherche : mercredi 20 janvier 2010 22:59
Temps nécessaire: 3:12:12 Heure(s)

La recherche a été effectuée intégralement

7847 Les répertoires ont été contrôlés
430101 Des fichiers ont été contrôlés
2 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
1 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
1 Impossible de contrôler des fichiers
430098 Fichiers non infectés
3383 Les archives ont été contrôlées
4 Avertissements
3 Consignes
29639 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés


Plus rapide? Pas vraiment.
alfadelta
 
Messages: 7
Inscription: 29 Jan 2010, 21:45

Analyse

Messagede alfadelta » 07 Fév 2010, 11:48

et le 2° rapport OTL

OTL logfile created on: 07/02/2010 11:24:39 - Run 2
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Andre\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

255,00 Mb Total Physical Memory | 99,00 Mb Available Physical Memory | 39,00% Memory free
617,00 Mb Paging File | 254,00 Mb Available in Paging File | 41,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 62,34 Gb Free Space | 79,79% Space Free | Partition Type: NTFS
Drive D: | 18,62 Gb Total Space | 14,17 Gb Free Space | 76,10% Space Free | Partition Type: NTFS
Drive E: | 38,33 Gb Total Space | 3,28 Gb Free Space | 8,56% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 154,76 Gb Total Space | 152,59 Gb Free Space | 98,60% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDRE
Current User Name: Andre
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/29 21:49:32 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andre\Bureau\OTL.exe
PRC - [2010/01/15 08:15:41 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/15 08:15:40 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/12/04 16:36:20 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/12/04 16:34:52 | 01,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/11/13 12:31:14 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/13 12:31:12 | 00,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/10/27 16:58:58 | 00,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/10/27 16:58:48 | 00,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/02 13:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/08/04 00:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/03/30 09:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/03/30 16:30:16 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/12/23 17:05:20 | 00,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 16:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
PRC - [2006/11/30 16:06:28 | 02,486,272 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.1\program\soffice.bin
PRC - [2006/11/30 16:06:18 | 02,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
PRC - [2006/11/23 14:10:42 | 00,056,928 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2006/11/13 13:07:02 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:06:52 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/11/10 15:19:32 | 01,051,648 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2006/11/10 15:18:42 | 00,859,136 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2006/10/19 12:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2006/09/22 03:01:00 | 00,139,264 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIBIE.EXE
PRC - [2006/03/17 09:30:26 | 00,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
PRC - [2006/02/22 04:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/02/21 20:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/08/07 13:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2004/08/19 15:10:00 | 00,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2004/08/19 15:09:54 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/03/15 04:18:18 | 00,049,254 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe


========== Modules (SafeList) ==========

MOD - [2010/01/29 21:49:32 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andre\Bureau\OTL.exe
MOD - [2009/10/27 16:59:06 | 00,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2006/12/01 21:54:34 | 00,548,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
MOD - [2006/12/01 21:54:32 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
MOD - [2004/08/19 15:07:58 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/15 08:15:41 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/01/15 08:15:40 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/12/04 16:36:20 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/11/13 12:31:14 | 00,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/10/27 16:58:58 | 00,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/04/18 09:15:41 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/01/05 12:41:10 | 00,774,144 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/12/23 16:54:04 | 00,262,144 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/11/10 15:18:42 | 00,859,136 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2006/10/19 12:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/05/09 17:24:54 | 00,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2006/02/22 04:39:16 | 00,405,504 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/02/21 20:05:00 | 00,520,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2005/08/07 13:54:00 | 00,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)


========== Driver Services (SafeList) ==========

DRV - [2010/01/15 08:15:42 | 00,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/01/15 08:15:42 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/04 16:34:56 | 00,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/10/27 16:58:32 | 00,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/03/30 10:32:47 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:34:33 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/02/05 20:59:03 | 00,213,520 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2008/07/31 23:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/11/10 15:17:50 | 00,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2006/11/10 15:16:34 | 00,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2006/11/10 15:15:44 | 00,102,912 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/11/06 17:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006/05/09 16:50:56 | 00,034,944 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/02/22 04:46:26 | 01,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/02/14 01:00:00 | 00,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\K!TV\Plugins\S_Bt8x8\DSDrv4.sys -- (DSDrv4)
DRV - [2004/08/03 22:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 21:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/03 21:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2002/11/11 18:52:54 | 00,006,400 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctvvbi.sys -- (pctvvbi)
DRV - [2002/11/01 10:11:20 | 00,451,599 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda)
DRV - [2002/09/16 17:07:24 | 00,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002/06/17 13:09:56 | 00,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2001/08/28 13:00:00 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2001/08/28 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [1998/02/25 23:27:02 | 00,022,688 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PPSIO.SYS -- (ppsio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = andre.dubant.free.fr
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://andre.dubant.free.fr/
IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\S-1-5-21-1960408961-1767777339-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\S-1-5-21-1960408961-1767777339-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\S-1-5-21-1960408961-1767777339-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.13.1.5:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CPROGRAM%20FILES%5CMOZILLA.ORG%5CMOZILLA%5Csearchplugins%5Cgooglefr.src"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.29
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/01/15 08:57:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/27 16:39:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/23 21:03:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/12/01 14:00:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/01/13 23:11:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\Mozilla\Extensions
[2010/01/13 23:11:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/02/05 13:18:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\3g97cwj8.default\extensions
[2009/10/20 17:02:27 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\3g97cwj8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/02/24 23:49:06 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\Andre\Application Data\Mozilla\Firefox\Profiles\3g97cwj8.default\searchplugins\winamp-search.xml
[2010/02/05 13:18:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/16 02:10:07 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/16 02:10:07 | 00,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/16 02:10:07 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/01/16 02:10:07 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/01/16 02:10:07 | 00,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2008/11/08 18:36:33 | 00,290,933 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10016 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [Dimension4] C:\Program Files\d4time\D4.exe (Thinking Man Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [\\PC_NADOU\EPSON Stylus DX6000 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [Auto EPSON Stylus DX6000 Series (Copie 1) sur PC_NADOU] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [Auto EPSON Stylus DX6000 Series sur PC_NADOU] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Andre\Menu Démarrer\Programmes\Démarrage\Barre d'Outils Olitec.lnk = C:\OLIFAXVX\TOOLBAR.EXE (OLITEC)
O4 - Startup: C:\Documents and Settings\Andre\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Andre\Menu Démarrer\Programmes\Démarrage\Moniteur Fax-Voix.lnk = C:\OLIFAXVX\MONITEUR.EXE ()
O4 - Startup: C:\Documents and Settings\Andre\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\..Trusted Domains: ([]msn in Poste de travail)
O15 - HKU\S-1-5-21-1960408961-1767777339-839522115-1003\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andre\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/05 12:06:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3b0465f7-5656-11de-8d9d-000b6a271107}\Shell - "" = AutoRun
O33 - MountPoints2\{d85c1ec6-f2fb-11de-8ea9-000b6a271107}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/04 13:03:48 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/29 22:08:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/29 22:05:50 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/29 22:02:11 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Andre\Bureau\erunt-setup.exe
[2010/01/29 21:57:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\Malwarebytes
[2010/01/29 21:57:29 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/29 21:57:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/29 21:57:14 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/29 21:57:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/29 21:50:07 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andre\Bureau\mbam-setup.exe
[2010/01/29 21:49:27 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andre\Bureau\OTL.exe
[2010/01/29 21:12:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/19 18:57:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\dvdcss
[2010/01/15 08:30:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Mes documents\ForceField Shared Files
[2010/01/15 08:30:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\CheckPoint
[2010/01/15 08:28:51 | 00,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/01/15 08:28:16 | 00,046,472 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsutil_loc040c.dll
[2010/01/15 08:28:08 | 00,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010/01/15 08:27:57 | 00,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010/01/15 08:27:55 | 00,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010/01/15 08:26:49 | 00,041,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010/01/15 08:26:42 | 01,238,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010/01/15 08:26:41 | 00,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010/01/15 08:26:36 | 00,299,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010/01/15 08:26:35 | 00,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010/01/15 08:26:02 | 00,486,280 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010/01/15 08:25:01 | 00,112,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010/01/15 08:24:59 | 00,621,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010/01/15 08:24:59 | 00,227,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010/01/15 08:20:03 | 00,713,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sxs.dll
[2010/01/15 08:20:00 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/01/14 17:05:00 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/01/14 17:04:59 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/01/14 17:04:59 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/01/14 17:04:59 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/01/14 17:04:18 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/01/13 23:11:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Local Settings\Application Data\TomTom
[2010/01/13 23:11:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andre\Application Data\TomTom
[2010/01/13 23:10:32 | 00,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/01/13 23:09:09 | 00,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2009/02/16 18:39:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/05/12 21:18:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/04/05 12:58:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/04/05 12:14:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/04/05 12:05:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/04/05 12:05:33 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/02/07 11:10:50 | 00,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/07 11:08:53 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/07 11:06:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/07 11:06:16 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/07 11:06:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/05 20:48:08 | 08,912,896 | -H-- | M] () -- C:\Documents and Settings\Andre\NTUSER.DAT
[2010/02/05 20:48:07 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/02/05 20:48:07 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/02/05 20:48:07 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/02/05 20:48:07 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/02/05 20:47:41 | 00,000,184 | -HS- | M] () -- C:\Documents and Settings\Andre\ntuser.ini
[2010/02/05 19:45:23 | 00,005,702 | ---- | M] () -- C:\WINDOWS\UEDIT32.INI
[2010/02/05 17:52:45 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/02 18:38:07 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/29 22:08:23 | 00,005,024 | ---- | M] () -- C:\Documents and Settings\Andre\Bureau\erunt-loc_fr.zip
[2010/01/29 22:06:01 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Andre\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/01/29 22:05:56 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Andre\Bureau\NTREGOPT.lnk
[2010/01/29 22:05:56 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Andre\Bureau\ERUNT.lnk
[2010/01/29 22:02:31 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Andre\Bureau\erunt-setup.exe
[2010/01/29 21:57:35 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/01/29 21:51:52 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Andre\Bureau\mbam-setup.exe
[2010/01/29 21:49:32 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andre\Bureau\OTL.exe
[2010/01/29 21:12:32 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Andre\Bureau\HijackThis.lnk
[2010/01/29 20:50:09 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Andre\Local Settings\Application Data\housecall.guid.cache
[2010/01/23 21:03:25 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/01/21 10:06:02 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/01/15 08:31:39 | 00,428,416 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/01/15 08:28:34 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/01/15 08:28:32 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\Andre\Bureau\ZoneAlarm Security.lnk
[2010/01/15 08:21:26 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/15 08:15:42 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/01/15 08:15:42 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/01/14 17:05:35 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2010/01/12 10:58:51 | 00,000,378 | ---- | M] () -- C:\WINDOWS\wincmd.ini

========== Files Created - No Company Name ==========

[2010/02/04 15:01:16 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/02/04 15:01:16 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/02/04 15:01:16 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/02/04 15:01:16 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/01/29 22:06:01 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Andre\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/01/29 22:05:56 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Andre\Bureau\NTREGOPT.lnk
[2010/01/29 22:05:56 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Andre\Bureau\ERUNT.lnk
[2010/01/29 22:04:09 | 00,005,024 | ---- | C] () -- C:\Documents and Settings\Andre\Bureau\erunt-loc_fr.zip
[2010/01/29 21:57:35 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/01/29 21:12:32 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Andre\Bureau\HijackThis.lnk
[2010/01/29 20:50:09 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Andre\Local Settings\Application Data\housecall.guid.cache
[2010/01/21 10:06:02 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/01/21 10:06:01 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/01/15 08:28:32 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\Andre\Bureau\ZoneAlarm Security.lnk
[2010/01/15 08:26:02 | 00,428,416 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/01/14 17:05:33 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2008/09/29 21:32:16 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008/06/03 20:05:16 | 00,000,868 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2007/11/07 21:17:32 | 00,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2007/05/26 13:56:03 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Andre\Application Data\$_hpcst$.hpc
[2007/05/04 09:32:29 | 00,000,031 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/03/13 18:42:42 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDER300Euro.ini
[2007/02/13 18:11:43 | 00,000,096 | ---- | C] () -- C:\WINDOWS\jascreg.ini
[2007/02/13 18:11:07 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2006/10/25 18:50:52 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/10/09 16:49:25 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE V10V100V350EFGD.ini
[2006/09/15 16:02:35 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Andre\Local Settings\Application Data\fusioncache.dat
[2006/09/08 17:07:49 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/09/08 17:07:49 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/09/08 17:07:12 | 00,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2006/09/08 17:07:11 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\LPNG.DLL
[2006/09/06 21:32:05 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2006/09/06 21:32:03 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2006/08/28 12:34:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TBRIDGE.INI
[2006/08/23 13:33:05 | 00,022,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\PPSIO.SYS
[2006/06/05 21:30:32 | 00,014,025 | ---- | C] () -- C:\WINDOWS\TWAINCAP.INI
[2006/06/05 17:30:40 | 00,001,466 | ---- | C] () -- C:\WINDOWS\VISITE.INI
[2006/06/05 08:58:57 | 00,000,008 | ---- | C] () -- C:\WINDOWS\MCONTROL.INI
[2006/06/05 08:58:54 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2006/06/05 08:58:54 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2006/06/05 08:58:54 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2006/06/05 08:58:54 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2006/06/05 08:58:54 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2006/05/28 18:10:27 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/09 17:25:58 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/04/19 22:21:08 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/04/17 20:42:27 | 00,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/09 17:33:16 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2006/04/09 17:33:16 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2006/04/09 17:33:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2006/04/09 17:31:55 | 00,002,546 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/04/09 17:31:52 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/04/09 15:56:59 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/04/09 13:16:11 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2006/04/06 23:20:33 | 00,000,423 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2006/04/06 23:06:04 | 00,000,378 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006/04/06 22:47:36 | 00,005,702 | ---- | C] () -- C:\WINDOWS\UEDIT32.INI
[2006/04/06 21:32:29 | 00,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2006/04/06 17:48:17 | 00,050,688 | ---- | C] () -- C:\Documents and Settings\Andre\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/05 12:46:47 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2001/10/28 16:42:30 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2001/08/28 13:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
<End>

Merci
alfadelta
 
Messages: 7
Inscription: 29 Jan 2010, 21:45

Effacement ver

Messagede alfadelta » 14 Fév 2010, 19:50

Bonjour
Pour effacer le ver Worm/Conficker.Z.22 qui m'infecte ainsi que mes autres ordinateur, puis je utiliser ATF Cleaner?
Merci d'avance.
J'ai l'impression que mon ordinateur va un peu mieux. L'antivirus et le pare feu fonctionnent.
alfadelta
 
Messages: 7
Inscription: 29 Jan 2010, 21:45


Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 49 invités

cron